
postfix sendmail and GeoIP



I use postfix and installed GeoIP so that the country of origin can be determined from the IP. postfix.sendmail is constrained so that it cannot read the GeoIP database file, /usr/share/GeoIP/GeoIP.dat.

The AVC is:

   avc: denied { read } for comm=sendmail dev=dm-0 egid=48 euid=48
   exe=/usr/sbin/sendmail.postfix exit=0 fsgid=48 fsuid=48 gid=48
   items=0 path=/usr/share/GeoIP/GeoIP.dat pid=27728
   scontext=system_u:system_r:system_mail_t:s0 sgid=48
   subj=system_u:system_r:system_mail_t:s0 suid=48 tclass=file
   tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=48


I ran audit2allow -M, which produced the following policy:

   module postfixSendmail 1.0;

   require {
           type system_mail_t;
           type usr_t;
           class file read;
   }

   #============= system_mail_t ==============
   allow system_mail_t usr_t:file read;

I don't think allowing postfix.sendmail to read all files of type usr_t is the right thing to do, yet I do need to allow postfix.sendmail to read the GeoIP data file.

Any suggestions?

Regards,
John
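
An added example, not part of the original post and not code from any SELinux project: a Python script that parses the AVC quoted above and emits a module granting the denied access on a dedicated file type instead of on usr_t, plus the commands that label the one file. The type name geoip_data_t, the module name postfixGeoIP and the function names are assumptions made for illustration.

```python
import re

# Denial from the post, joined onto one line. Type and module names used below are hypothetical.
AVC = ("avc: denied { read } for comm=sendmail dev=dm-0 egid=48 euid=48 "
       "exe=/usr/sbin/sendmail.postfix exit=0 fsgid=48 fsuid=48 gid=48 "
       "items=0 path=/usr/share/GeoIP/GeoIP.dat pid=27728 "
       "scontext=system_u:system_r:system_mail_t:s0 sgid=48 "
       "subj=system_u:system_r:system_mail_t:s0 suid=48 tclass=file "
       "tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=48")

def parse_avc(line):
    """Return source type, target type, class, permissions and path of a denial."""
    perms = re.search(r"denied\s+\{([^}]*)\}", line)
    if perms is None:
        raise ValueError("not an AVC denial")
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    return {
        "source": kv["scontext"].split(":")[2],   # user:role:type:level
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
        "perms": perms.group(1).split(),
        "path": kv["path"],
    }

def scoped_module(avc, new_type, name):
    """Build a module granting the denied access on new_type, not on the shared target type."""
    perms = " ".join(avc["perms"])
    return "\n".join([
        f"module {name} 1.0;",
        "require {",
        f"        type {avc['source']};",
        "        attribute file_type;",
        f"        class {avc['tclass']} {{ {perms} }};",
        "}",
        f"type {new_type};",
        f"typeattribute {new_type} file_type;",   # lets the type be used as a file label
        f"allow {avc['source']} {new_type}:{avc['tclass']} {{ {perms} }};",
    ])

def label_commands(avc, new_type):
    """Commands that make the new label persistent and apply it to the one file."""
    pattern = avc["path"].replace(".", r"\.")     # fcontext specs are regular expressions
    return [f"semanage fcontext -a -t {new_type} '{pattern}'",
            f"restorecon -v {avc['path']}"]

if __name__ == "__main__":
    denial = parse_avc(AVC)
    print(scoped_module(denial, "geoip_data_t", "postfixGeoIP"))
    print("\n".join(label_commands(denial, "geoip_data_t")))
```

Once the file carries the new type, any other domain that reads GeoIP.dat through its usr_t access needs its own allow rule for that type.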

