squirrelmail / postfix mail lost policy 1.17.30-2.80

Daniel J Walsh dwalsh at redhat.com
Fri Feb 25 20:41:21 UTC 2005 

Jeremy Ardley wrote:

> Daniel J Walsh wrote:
>
>>> Feb 25 05:01:08 mail kernel: audit(1109278868.985:0): avc:  denied  
>>> { search } for  pid=9813 exe=/usr/sbin/sendmail.postfix name=postfix 
>>> dev=dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t 
>>> tcontext=system_u:object_r:mail_spool_t tclass=dir
>>>
>> Could you run one more test.
>> Run setenforce 0
>> and then try to use the mail program.  What other AVC messages do you 
>> see?
>>
> Feb 26 03:58:10 mail kernel: audit(1109361490.957:0): avc:  denied  { 
> search } for  pid=11105 exe=/usr/sbin/sendmail.postfix name=postfix 
> dev =dm-0 ino=4032524 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 03:58:10 mail kernel: audit(1109361490.975:0): avc:  denied  { 
> execute } for  pid=11106 exe=/usr/sbin/sendmail.postfix name=postdrop 
> d ev=dm-0 ino=2961715 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:sbin_t tclass=file
> Feb 26 03:58:10 mail kernel: audit(1109361490.976:0): avc:  denied  { 
> execute_no_trans } for  pid=11106 exe=/usr/sbin/sendmail.postfix 
> path=/ usr/sbin/postdrop dev=dm-0 ino=2961715 
> scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:sbin_t tclass=file
> Feb 26 03:58:10 mail kernel: audit(1109361490.976:0): avc:  denied  { 
> read } for  pid=11106 exe=/usr/sbin/sendmail.postfix 
> path=/usr/sbin/pos tdrop dev=dm-0 ino=2961715 
> scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:sbin_t tclass=file
> Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc:  denied  { 
> write } for  pid=11106 exe=/usr/sbin/postdrop name=maildrop dev=dm-0 
> in o=4032533 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc:  denied  { 
> add_name } for  pid=11106 exe=/usr/sbin/postdrop name=17816.11106 
> scont ext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 03:58:11 mail kernel: audit(1109361491.017:0): avc:  denied  { 
> create } for  pid=11106 exe=/usr/sbin/postdrop name=17816.11106 
> scontex t=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 03:58:11 mail kernel: audit(1109361491.018:0): avc:  denied  { 
> getattr } for  pid=11106 exe=/usr/sbin/postdrop 
> path=/var/spool/postfix /maildrop/17816.11106 dev=dm-0 ino=6340609 
> scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 03:58:11 mail kernel: audit(1109361491.019:0): avc:  denied  { 
> remove_name } for  pid=11106 exe=/usr/sbin/postdrop name=17816.11106 
> de v=dm-0 ino=6340609 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=dir
> Feb 26 03:58:11 mail kernel: audit(1109361491.019:0): avc:  denied  { 
> rename } for  pid=11106 exe=/usr/sbin/postdrop name=17816.11106 
> dev=dm- 0 ino=6340609 scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 03:58:11 mail kernel: audit(1109361491.020:0): avc:  denied  { 
> write } for  pid=11106 exe=/usr/sbin/postdrop 
> path=/var/spool/postfix/m aildrop/04D8460C001 dev=dm-0 ino=6340609 
> scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 03:58:11 mail kernel: audit(1109361491.022:0): avc:  denied  { 
> setattr } for  pid=11106 exe=/usr/sbin/postdrop name=04D8460C001 
> dev=dm -0 ino=6340609 scontext=user_u:system_r:system_mail_t 
> tcontext=user_u:object_r:mail_spool_t tclass=file
> Feb 26 03:58:11 mail kernel: audit(1109361491.037:0): avc:  denied  { 
> getattr } for  pid=11106 exe=/usr/sbin/postdrop 
> path=/var/spool/postfix /public/pickup dev=dm-0 ino=4032604 
> scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
> Feb 26 03:58:11 mail kernel: audit(1109361491.038:0): avc:  denied  { 
> write } for  pid=11106 exe=/usr/sbin/postdrop name=pickup dev=dm-0 
> ino= 4032604 scontext=user_u:system_r:system_mail_t 
> tcontext=system_u:object_r:mail_spool_t tclass=fifo_file
>
Ok I built  selinux-policy-targeted-1.17.30-2.85 on
ftp://people.redhat.com/dwalsh/SELinux/FC3

Try that one out.

> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list