postfix high-ports prob
Holger Burde
hburde at t-online.de
Sun Mar 12 13:19:49 UTC 2006
Hi;
Ok - thx 4 the help. I changed the policy. Migrating to FC5 is planned
but not before Release and some private testing. The FC5 selinux changes
look promising!
hb
On Saturday, 11.03.2006, at 10:01 -0500, Daniel J Walsh wrote:
> Holger Burde wrote:
> > Hi;
> >
> > FC 4 current with targeted - up2date & unmodified.
> >
> > The postfix Policy or some other seems 2 prevent binding postfix to
> > unpriv Ports > 1023 (10026 in my case). Is this intentional and if so, why?
> > Daemon based Filtering stuff needs those high-ports.
> > Since after setting setenforce to 0 it works I think it must be policy
> > related (the system has no source policy - so I didn't dig into that
> > yet).
> >
> > Mar 11 14:06:40 proton postfix/master[3413]: fatal: bind 127.0.0.1 port 10026: Permission denied
> >
> > No avc denies (audit2allow) - strange and not funny .. if it's policy
> > related.
> >
> > PS I use some of my own RPMs (clamsmtp & anomy ..) with Postfix (FC4) &
> > Clamav (FC4 extras) which works beside this Port Problem. Since selinux
> > is part of my security Concept setenforce 0 is no option.
> > hb
> >
>
> Well you have two choices. You can update to FC5 and use some of the
> semanage to add additional ports
> to postfix.
>
> In order to get these additional audit messages in FC4 you need to
> install policy-sources and run a
> make enableaudit; make reload, you can also edit the postfix policy to
> allow the additional ports. You need to
> edit net_context file.
>
> In FC5 you can just load the enableaudit.pp policy package semodule -b
> /usr/share/selinux/targeted/enableaudit.pp
>
> Lots of new features in FC5 to handle local customizations.
>
>
>
--
--- -- -
Dipl. Inform. H. Burde
EMail : <hburde at t-online.de>| <hburde at uni-bremen.de>
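
Added example, not part of either message: a check of which SELinux port type covers a port in `semanage port -l` output, printing the `semanage port -a` command for the FC5 route described above when the port is unlabeled. The listing is a constructed sample, and `smtp_port_t` as the type Postfix needs is an assumption; the thread does not name the type.

```sh
#!/bin/sh
# Constructed sample of `semanage port -l` output (not from the thread).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

amavisd_recv_port_t            tcp      10024
amavisd_send_port_t            tcp      10025
smtp_port_t                    tcp      25, 465, 587
xserver_port_t                 tcp      6000-6020'

# port_types PORT PROTO < listing
# Print every port type whose port list or range covers PORT.
port_types() {
    awk -v port="$1" -v proto="$2" '
        $2 == proto {
            # Fields 3..NF hold entries such as "25," "587" or "6000-6020"
            for (i = 3; i <= NF; i++) {
                spec = $i
                sub(/,$/, "", spec)
                n = split(spec, r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# label_command PORT PROTO TYPE < listing
# Print the semanage command that would label PORT with TYPE
# (TYPE is the caller's assumption), or "already labeled".
label_command() {
    if port_types "$1" "$2" | grep -qx "$3"; then
        echo "already labeled"
    else
        echo "semanage port -a -t $3 -p $2 $1"
    fi
}

# The port from the thread, checked against the constructed listing.
printf '%s\n' "$SAMPLE_PORTS" | label_command 10026 tcp smtp_port_t
```

On a live host, pipe the real `semanage port -l` output into `label_command` in place of the sample and run the printed command as root.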