postfix fifo file

Craig White craigwhite at azapple.com
Thu Apr 9 15:44:24 UTC 2009 

This is from a newly setup CentOS 5.3 server...and I definitely don't
understand what it's wanting to make it happy.

# sealert -l 6208be6e-3fb4-4748-80e8-769687066b83

Summary:

SELinux is preventing postfix-script (postfix_master_t) "ioctl" to pipe
(crond_t).                                                             

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but
was permitted due to permissive mode.]

SELinux denied access requested by postfix-script. It is not expected
that this access is required by postfix-script and this access may
signal an intrusion attempt. It is also possible that the specific
version or configuration of the application is causing it to require
additional access. 

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable SELinux protection altogether. Disabling SELinux protection is
not recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:system_r:postfix_master_t
Target Context
system_u:system_r:crond_t:SystemLow-SystemHigh
Target Objects                pipe [ fifo_file ]
Source                        postfix-script
Source Path                   /bin/bash
Port                          <Unknown>
Host                          srv1.azapple.com
Source RPM Packages           bash-3.2-24.el5
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-203.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     srv1.azapple.com
Platform                      Linux srv1.azapple.com 2.6.18-128.1.1.el5
#1 SMP
                              Wed Mar 25 18:15:30 EDT 2009 i686 i686
Alert Count                   8
First Seen                    Thu Apr  2 04:34:40 2009
Last Seen                     Thu Apr  9 04:17:20 2009
Local ID                      6208be6e-3fb4-4748-80e8-769687066b83
Line Numbers

Raw Audit Messages

host=srv1.azapple.com type=AVC msg=audit(1239275840.489:3152): avc:
denied  { ioctl } for  pid=11778 comm="postfix-script"
path="pipe:[1634010]" dev=pipefs ino=1634010
scontext=user_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=fifo_file

host=srv1.azapple.com type=SYSCALL msg=audit(1239275840.489:3152):
arch=40000003 syscall=54 success=no exit=-22 a0=0 a1=5401 a2=bfc30d40
a3=bfc30e4c items=0 ppid=11761 pid=11778 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=212
comm="postfix-script" exe="/bin/bash"
subj=user_u:system_r:postfix_master_t:s0 key=(null)



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the selinux mailing list