postfix high-ports prob
Daniel J Walsh
dwalsh at redhat.com
Sat Mar 11 15:01:40 UTC 2006
Holger Burde wrote:
> Hi;
>
> FC 4 current with targeted - up2date & unmodified.
>
> The postfix Policy or some other seems to prevent binding postfix to
> unpriv Ports > 1023 (10026 in my case). Is this intentional and if so, why?
> Daemon based Filtering stuff needs those high-ports.
> Since after setting setenforce to 0 it works I think it must be policy
> related (the system has no source policy - so I didn't dig into that
> yet).
>
> Mar 11 14:06:40 proton postfix/master[3413]: fatal: bind 127.0.0.1 port
> 10026: Permission denied
>
> No avc denies (audit2allow) - strange and not funny .. if it's policy
> related.
>
> PS I use some of my own RPMs (clamsmtp & anomy ..) with Postfix (FC4) &
> Clamav (FC4 extras) which works beside this Port Problem. Since selinux
> is part of my security Concept setenforce 0 is no option.
> hb
>
Well, you have two choices. You can update to FC5 and use some of the
semanage to add additional ports to postfix.

In order to get these additional audit messages in FC4 you need to
install policy-sources and run

    make enableaudit; make reload

You can also edit the postfix policy to allow the additional ports. You
need to edit the net_context file.

In FC5 you can just load the enableaudit.pp policy package:

    semodule -b /usr/share/selinux/targeted/enableaudit.pp

Lots of new features in FC5 to handle local customizations.
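
Added example, not part of the original thread: once the dontaudit rules are disabled as described above, the hidden denial appears as an AVC name_bind record, and this Python script extracts such records and renders the matching semanage port commands. The log lines are constructed, and the postfix_master_t domain and the smtp_port_t port type are assumptions to verify against the loaded policy.

```python
import re

# Constructed sample audit lines (not from the thread). Domain names such as
# postfix_master_t are assumptions; check them against the loaded policy.
SAMPLE_LOG = """\
type=AVC msg=audit(1142085995.101:41): avc:  denied  { read } for  pid=3390 comm="cupsd" name="mtab" scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
type=AVC msg=audit(1142086000.412:45): avc:  denied  { name_bind } for  pid=3413 comm="master" src=10026 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=AVC msg=audit(1142086060.007:52): avc:  denied  { name_bind } for  pid=3413 comm="master" src=10026 scontext=system_u:system_r:postfix_master_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=AVC msg=audit(1142086100.300:60): avc:  denied  { name_bind } for  pid=2211 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROTO = {"tcp_socket": "tcp", "udp_socket": "udp"}

def parse_avc(line):
    """Split one AVC denial into a dict of its key=value fields, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def bind_denials(log_text, domain_prefix="postfix_"):
    """Unique (proto, port, source type) for name_bind denials of one domain family."""
    found = set()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or "name_bind" not in rec["perms"] or not rec.get("src", "").isdigit():
            continue
        ctx = rec.get("scontext", "").split(":")
        stype = ctx[2] if len(ctx) > 2 else ""
        proto = PROTO.get(rec.get("tclass"))
        if proto and stype.startswith(domain_prefix):
            found.add((proto, int(rec["src"]), stype))
    return sorted(found)

def semanage_commands(denials, port_type):
    """Render FC5-style commands; port_type is the admin's choice, not derived."""
    return [f"semanage port -a -t {port_type} -p {proto} {port}"
            for proto, port, _ in denials]

if __name__ == "__main__":
    # smtp_port_t is an assumed target type for illustration.
    for cmd in semanage_commands(bind_denials(SAMPLE_LOG), "smtp_port_t"):
        print(cmd)
```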