place for Postfix keytab files to make selinux happy
Miroslav Grepl
mgrepl at redhat.com
Mon Dec 29 10:25:35 UTC 2014
On 12/23/2014 09:44 PM, Stephen Ingram wrote:
> I'm using Fedora 20 and CentOS 7 and have tried several places to
> place keytab files for Postfix. Each time I'm getting a denied message:
>
> type=AVC msg=audit(1419366895.530:491753): avc: denied { search }
> for pid=28412 comm="lmtp" name="postfix" dev="xvda1" ino=1223493
> scontext=system_u:system_r:postfix_smtp_t:s0
> tcontext=system_u:object_r:postfix_data_t:s0 tclass=dir
> type=SYSCALL msg=audit(1419366895.530:491753): arch=c000003e syscall=4
> success=no exit=-13 a0=7f347b8377f0 a1=7fffa6f23670 a2=7fffa6f23670
> a3=7fffa6f23540 items=0 ppid=28406 pid=28412 auid=4294967295 uid=89
> gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none)
> ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp"
> subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
>
> I see on the postfix_selinux man page that there is a postfix_keytab_t
> type, however, even if I use this, postfix is not able to read the
> credential file. Has anyone gotten this to work?
>
> Steve
What AVC do you get with the default setup?
We will need to add additional rules.
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20141229/060f37e4/attachment.html>
More information about the selinux
mailing list