Request Tracker 3
Kanwar Ranbir Sandhu
m3freak at rogers.com
Wed Feb 2 16:36:16 UTC 2005
On Wed, 2005-02-02 at 10:56 -0500, Daniel J Walsh wrote:
> could you do a
>
> chcon -R -t mail_spool_t /var/spool/postfix
Mail config in RT:
------------------
mail command: sendmail
arguments: -oi
path: /usr/sbin/sendmail
avc messages:
-------------
None! RT received the email and sent out an auto-reply without any
selinux denials!
However, the other email config produced many more selinux denials than
before (last time there was only one message). I included the messages
below anyway.
Mail config in RT:
------------------
mail command: sendmailpipe
arguments: -oi -t #(-t required, as stated in RT docs)
path: /usr/sbin/sendmail
avc messages:
-------------
avc: denied { search } for pid=6171 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { read } for pid=6173 exe=/usr/sbin/httpd name=sendmail
dev=dm-3 ino=277369 scontext=root:system_r:httpd_t
tcontext=user_u:object_r:sbin_t tclass=lnk_file
avc: denied { getattr } for pid=6173 exe=/usr/sbin/sendmail.postfix
path=socket:[14495] dev=sockfs ino=14495
scontext=root:system_r:system_mail_t tcontext=root:system_r:httpd_t
tclass=unix_stream_socket
avc: denied { search } for pid=6173 exe=/usr/sbin/sendmail.postfix
name=postfix dev=dm-5 ino=34833 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { execute } for pid=6174 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
avc: denied { execute_no_trans } for pid=6174
exe=/usr/sbin/sendmail.postfix path=/usr/sbin/postdrop dev=dm-3
ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
avc: denied { read } for pid=6174 exe=/usr/sbin/sendmail.postfix
path=/usr/sbin/postdrop dev=dm-3 ino=276825
scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t
tclass=file
avc: denied { write } for pid=6174 exe=/usr/sbin/postdrop
name=maildrop dev=dm-5 ino=34842 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { add_name } for pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { create } for pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file
avc: denied { getattr } for pid=6174 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/530173.6174 dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file
avc: denied { remove_name } for pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { rename } for pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file
avc: denied { write } for pid=6174 exe=/usr/sbin/postdrop
path=/var/spool/postfix/maildrop/9BD83885F dev=dm-5 ino=34911
scontext=root:system_r:system_mail_t tcontext=root:object_r:mail_spool_t
tclass=file
avc: denied { setattr } for pid=6174 exe=/usr/sbin/postdrop
name=9BD83885F dev=dm-5 ino=34911 scontext=root:system_r:system_mail_t
tcontext=root:object_r:mail_spool_t tclass=file
avc: denied { getattr } for pid=6174 exe=/usr/sbin/postdrop
path=/var/spool/postfix/public/pickup dev=dm-5 ino=34827
scontext=root:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=fifo_file
avc: denied { write } for pid=6174 exe=/usr/sbin/postdrop name=pickup
dev=dm-5 ino=34827 scontext=root:system_r:system_mail_t
tcontext=user_u:object_r:mail_spool_t tclass=fifo_file
Regards,
Ranbir
--
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com
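
An added example, not part of the original message: a small Python parser that groups line-wrapped AVC denials like those quoted above by source type, target type and object class, so it is easier to see which domain is being blocked on which label. The function names are hypothetical, and the sample input is four denials copied from the message.

```python
import re
from collections import defaultdict

# Four denials copied from the message above, line-wrapped as in the mail.
SAMPLE = """\
avc: denied { search } for pid=6171 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { write } for pid=6174 exe=/usr/sbin/postdrop
name=maildrop dev=dm-5 ino=34842 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { add_name } for pid=6174 exe=/usr/sbin/postdrop
name=530173.6174 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
avc: denied { execute } for pid=6174 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
"""

PERMS = re.compile(r"\{([^}]*)\}")   # the { perm ... } list
FIELD = re.compile(r"(\w+)=(\S+)")   # key=value pairs such as exe=, scontext=

def parse_avc(text):
    """Yield one dict per denial; a record may be wrapped over several lines."""
    for chunk in re.split(r"(?=avc:\s+denied)", text):
        m = PERMS.search(chunk)
        if not chunk.startswith("avc:") or not m:
            continue
        rec = dict(FIELD.findall(chunk))
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # truncated record: skip rather than guess
        rec["perms"] = m.group(1).split()
        yield rec

def summarize(text):
    """Map (source type, target type, class) -> sorted permissions and exes."""
    out = defaultdict(lambda: {"perms": set(), "exes": set()})
    for rec in parse_avc(text):
        # A context is user:role:type[:level]; the type is the third field.
        src, tgt = (rec[k].split(":")[2] for k in ("scontext", "tcontext"))
        entry = out[(src, tgt, rec["tclass"])]
        entry["perms"].update(rec["perms"])
        entry["exes"].add(rec.get("exe", "?"))
    return {k: {f: sorted(v[f]) for f in v} for k, v in out.items()}

if __name__ == "__main__":
    for (src, tgt, cls), v in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(v['perms'])} }} via {', '.join(v['exes'])}")
```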