On Tue, 2004-03-30 at 03:55, Russell Coker wrote:
Add the following to postfix.te:
allow postfix_master_t postfix_etc_t:file rw_file_perms;
Is that truly what you want, i.e. allowing it to rewrite any file with
that type? Should the aliases.db file be moved into a separate type, so
that only it needs to be writable?
allow postfix_master_t devpts_t:dir search;
> Mar 29 17:33:36 pizza kernel: audit(1080603216.597:0): avc: denied {
> execute } for pid=5104 exe=/bin/bash name=master dev=sda3 ino=1407396
> scontext=root:system_r:postfix_master_t tcontext=system_u:object_r:lib_t
> tclass=file
What is this "master" file? Please run "find / -inum 1407396" and
tell me
what it reports.
Even better, boot with audit=1 so that the supplementary audit records
will report the pathname passed to the system call.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency