Bug 960901
| Summary: | SELinux is preventing /usr/libexec/postfix/local from 'lock' accesses on the file /var/spool/postfix/pid/unix.local. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:1f1484f5f74f5540fd8acb146a8a6d7b07934686b9eb87eb48dfe6ac481a355c | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-05-08 14:53:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 960894 *** |
Description of problem: SELinux is preventing /usr/libexec/postfix/local from 'lock' accesses on the file /var/spool/postfix/pid/unix.local. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que local devrait être autorisé à accéder lock sur unix.local file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep local /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_local_t:s0 Target Context system_u:object_r:postfix_var_run_t:s0 Target Objects /var/spool/postfix/pid/unix.local [ file ] Source local Source Path /usr/libexec/postfix/local Port <Inconnu> Host (removed) Source RPM Packages postfix-2.10.0-1.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-41.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.0-0.rc0.git21.1.fc20.x86_64 #1 SMP Tue May 7 19:47:51 UTC 2013 x86_64 x86_64 Alert Count 4 First Seen 2013-05-08 11:27:37 CEST Last Seen 2013-05-08 11:27:58 CEST Local ID dac84ede-0e0f-4cb9-9609-52c37e79cf83 Raw Audit Messages type=AVC msg=audit(1368005278.270:123): avc: denied { lock } for pid=2462 comm="local" path="/var/spool/postfix/pid/unix.local" dev="dm-0" ino=3024628 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1368005278.270:123): arch=x86_64 syscall=flock success=yes exit=0 a0=8 a1=8 a2=0 a3=17700 items=0 ppid=2381 pid=2462 auid=4294967295 uid=0 gid=0 euid=89 suid=0 fsuid=89 egid=89 sgid=0 fsgid=89 ses=4294967295 tty=(none) comm=local exe=/usr/libexec/postfix/local subj=system_u:system_r:postfix_local_t:s0 key=(null) Hash: local,postfix_local_t,postfix_var_run_t,file,lock audit2allow #============= postfix_local_t ============== allow postfix_local_t postfix_var_run_t:file lock; audit2allow -R require { type postfix_local_t; type postfix_var_run_t; class file lock; } #============= postfix_local_t ============== allow postfix_local_t postfix_var_run_t:file lock; Additional info: hashmarkername: setroubleshoot kernel: 3.10.0-0.rc0.git21.1.fc20.x86_64 type: libreport