Hello Getting errors below when using Postfix with LMTP deliver to Dovecot on same machine. Should Dovecot configure LMTP in another path, context or how do I resolve? type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system _u:object_r:dovecot_var_run_t:s0 tclass=dir type=AVC msg=audit(1314483455.100:17918): avc: denied { write } for pid=6665 comm="lmtp" name="lmtp" dev=vda1 ino=1044670 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:o bject_r:dovecot_var_run_t:s0 tclass=sock_file type=AVC msg=audit(1314483455.100:17918): avc: denied { connectto } for pid=6665 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:s ystem_r:dovecot_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1314483455.100:17918): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff1e9e21d0 a2=6e a3=7fff1e9e1e70 items=0 ppid=1177 pid=6665 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null) Thanks in advance
On August 28, 2011 at 1:03 AM Jens Falsmar Oechsler joe@devzero.dk wrote:
Hello Getting errors below when using Postfix with LMTP deliver to Dovecot on same machine. Should Dovecot configure LMTP in another path, context or how do I resolve? type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system _u:object_r:dovecot_var_run_t:s0 tclass=dir type=AVC msg=audit(1314483455.100:17918): avc: denied { write } for pid=6665 comm="lmtp" name="lmtp" dev=vda1 ino=1044670 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:o bject_r:dovecot_var_run_t:s0 tclass=sock_file type=AVC msg=audit(1314483455.100:17918): avc: denied { connectto } for pid=6665 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:s ystem_r:dovecot_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1314483455.100:17918): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff1e9e21d0 a2=6e a3=7fff1e9e1e70 items=0 ppid=1177 pid=6665 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null) Thanks in advance -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Should mention it is Fedora 14
Could be a bug in Fedora SELinux policy (any). To fix:
mkdir ~/mypostfix; cd ~/mypostfix; echo "policy_module(mypostfix, 1.0.0) optional_policy(` gen_require(` type postfix_smtp_t; ') dovecot_stream_connect(postfix_smtp_t)')" > mypostfix.te;
make -f /usr/share/selinux/devel/Makefile mypostfix.pp sudo semodule -i mypostfix.pp
Please consider filing a bugzilla in the selinux-policy component.
On Sun, 2011-08-28 at 01:07 +0200, Jens Falsmar Oechsler wrote:
On August 28, 2011 at 1:03 AM Jens Falsmar Oechsler joe@devzero.dk wrote:
Hello
Getting errors below when using Postfix with LMTP deliver to Dovecot on same machine. Should Dovecot configure LMTP in another path, context or how do I resolve?
type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system _u:object_r:dovecot_var_run_t:s0 tclass=dir type=AVC msg=audit(1314483455.100:17918): avc: denied { write } for pid=6665 comm="lmtp" name="lmtp" dev=vda1 ino=1044670 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:o bject_r:dovecot_var_run_t:s0 tclass=sock_file type=AVC msg=audit(1314483455.100:17918): avc: denied { connectto } for pid=6665 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:s ystem_r:dovecot_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1314483455.100:17918): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff1e9e21d0 a2=6e a3=7fff1e9e1e70 items=0 ppid=1177 pid=6665 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
Thanks in advance
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Should mention it is Fedora 14
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On August 28, 2011 at 11:15 AM Dominick Grift domg472@gmail.com wrote:
Could be a bug in Fedora SELinux policy (any). To fix:
mkdir ~/mypostfix; cd ~/mypostfix; echo "policy_module(mypostfix, 1.0.0) optional_policy(` gen_require(` type postfix_smtp_t; ') dovecot_stream_connect(postfix_smtp_t)')" > mypostfix.te;
make -f /usr/share/selinux/devel/Makefile mypostfix.pp sudo semodule -i mypostfix.pp
Please consider filing a bugzilla in the selinux-policy component.
Thanks a lot. Here is bug report: https://bugzilla.redhat.com/show_bug.cgi?id=733896
selinux@lists.fedoraproject.org
-
Dominick Grift -
Jens Falsmar Oechsler