
Jens Falsmar Oechsler 08-27-2011 11:03 PM

LMTP, Postfix, Dovecot AVC denial
 
Hello

Getting errors below when using Postfix with LMTP deliver to Dovecot on same
machine. Should Dovecot configure LMTP in another path, context or how do I
resolve?

type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=dir
type=AVC msg=audit(1314483455.100:17918): avc: denied { write } for pid=6665 comm="lmtp" name="lmtp" dev=vda1 ino=1044670 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1314483455.100:17918): avc: denied { connectto } for pid=6665 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1314483455.100:17918): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff1e9e21d0 a2=6e a3=7fff1e9e1e70 items=0 ppid=1177 pid=6665 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)

Thanks in advance
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Jens Falsmar Oechsler 08-27-2011 11:07 PM

LMTP, Postfix, Dovecot AVC denial
 
On August 28, 2011 at 1:03 AM Jens Falsmar Oechsler <joe@devzero.dk> wrote:

> Hello
>
> Getting errors below when using Postfix with LMTP deliver to Dovecot on same
> machine. Should Dovecot configure LMTP in another path, context or how do I
> resolve?
>
> type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=dir
> type=AVC msg=audit(1314483455.100:17918): avc: denied { write } for pid=6665 comm="lmtp" name="lmtp" dev=vda1 ino=1044670 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=sock_file
> type=AVC msg=audit(1314483455.100:17918): avc: denied { connectto } for pid=6665 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1314483455.100:17918): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff1e9e21d0 a2=6e a3=7fff1e9e1e70 items=0 ppid=1177 pid=6665 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
>
> Thanks in advance

Should mention it is Fedora 14

Dominick Grift 08-28-2011 09:15 AM

LMTP, Postfix, Dovecot AVC denial
 
Could be a bug in Fedora SELinux policy (any). To fix:

mkdir ~/mypostfix; cd ~/mypostfix
cat > mypostfix.te <<'EOF'
policy_module(mypostfix, 1.0.0)
optional_policy(`
    gen_require(`
        type postfix_smtp_t;
    ')
    dovecot_stream_connect(postfix_smtp_t)
')
EOF
make -f /usr/share/selinux/devel/Makefile mypostfix.pp
sudo semodule -i mypostfix.pp

Please consider filing a bugzilla in the selinux-policy component.

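An added example (not part of the original thread, and not code from the selinux-policy project): a small parser, in the spirit of audit2allow, run over the records from the first post. It groups the denials into the raw allow rules they correspond to and uses the SYSCALL record of the same audit event to tell whether the denied call was actually blocked; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the records quoted in the first post, mail-wrapped lines rejoined.
SAMPLE = """\
type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=dir
type=AVC msg=audit(1314483455.100:17918): avc: denied { write } for pid=6665 comm="lmtp" name="lmtp" dev=vda1 ino=1044670 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1314483455.100:17918): avc: denied { connectto } for pid=6665 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1314483455.100:17918): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff1e9e21d0 a2=6e a3=7fff1e9e1e70 items=0 ppid=1177 pid=6665 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
"""

EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
AVC = re.compile(r"denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
SUCCESS = re.compile(r"\bsuccess=(yes|no)\b")


def summarize(log):
    """Return (allow rules, audit event ids whose denied syscall still succeeded)."""
    perms = defaultdict(set)   # (source type, target type, class) -> permissions
    succeeded = {}             # audit event id -> success flag from its SYSCALL record
    denied_events = set()
    for line in log.splitlines():
        head = EVENT.match(line)
        if not head:
            continue           # not an audit record
        rtype, event_id = head.groups()
        if rtype == "AVC" and (m := AVC.search(line)):
            perm_list, scon, tcon, tclass = m.groups()
            # The type is the third field of a user:role:type:level context.
            key = (scon.split(":")[2], tcon.split(":")[2], tclass)
            perms[key].update(perm_list.split())
            denied_events.add(event_id)
        elif rtype == "SYSCALL" and (s := SUCCESS.search(line)):
            succeeded[event_id] = s.group(1) == "yes"
    rules = sorted(
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(p))} }};"
        for (src, tgt, cls), p in perms.items()
    )
    # A denial whose syscall reports success=yes was logged but not enforced.
    not_enforced = sorted(e for e in denied_events if succeeded.get(e))
    return rules, not_enforced


if __name__ == "__main__":
    rules, not_enforced = summarize(SAMPLE)
    print("\n".join(rules))
    print("logged but not enforced:", not_enforced)
```

For the posted event this yields three rules for postfix_smtp_t and flags the event as not enforced: syscall 42 on x86_64 is connect, and its SYSCALL record reports success=yes, which is what a permissive system or domain looks like in the audit log.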

Jens Falsmar Oechsler 08-28-2011 12:02 PM

LMTP, Postfix, Dovecot AVC denial
 
On August 28, 2011 at 11:15 AM Dominick Grift <domg472@gmail.com> wrote:

>
> Could be a bug in Fedora SELinux policy (any). To fix:
>
> mkdir ~/mypostfix; cd ~/mypostfix
> cat > mypostfix.te <<'EOF'
> policy_module(mypostfix, 1.0.0)
> optional_policy(`
>     gen_require(`
>         type postfix_smtp_t;
>     ')
>     dovecot_stream_connect(postfix_smtp_t)
> ')
> EOF
> make -f /usr/share/selinux/devel/Makefile mypostfix.pp
> sudo semodule -i mypostfix.pp
>
> Please consider filing a bugzilla in the selinux-policy component.
>

Thanks a lot.
Here is the bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=733896