Bug 670929
| Summary: | Postfix, SELinux and .forward | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan "Yenya" Kasprzak <kas> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 14 | CC: | dwalsh, mgrepl, mlichvar |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.9.7-25.fc14 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-01-25 20:58:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jan "Yenya" Kasprzak
2011-01-19 17:09:51 UTC
Miroslav add userdom_exec_user_bin_files(postfix_local_t) and HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0) Fixed in selinux-policy-3.9.7-24.fc14 Miroslav, thanks for the fast respone, but is it really fixed? This problem is not even mentioned in the changelog in Koji at http://koji.fedoraproject.org/koji/buildinfo?buildID=214872 I have tried to test it: # rpm -Uvh selinux-policy-targeted-3.9.7-24.fc14.noarch.rpm selinux-policy-3.9.7-24.fc14.noarch.rpm Preparing... ########################################### [100%] 1:selinux-policy ########################################### [ 50%] 2:selinux-policy-targeted########################################### [100%] # restorecon -R /home/kas # ls -lZa /home/kas/.forward* -rw-r--r--. kas staff unconfined_u:object_r:mail_home_t:s0 .forward -rw-r--r--. kas staff unconfined_u:object_r:user_home_t:s0 .forward+extension # echo test | mail -s test kas@mydomain # tail /var/log/maillog Jan 20 12:17:41 myhost local[12056]: fatal: execvp /home/kas/bin/handle_mail: Permission denied Jan 20 12:17:42 myhost postfix/local[12055]: CF6E2E03AF: to=<kas@mydomain>, relay=local, delay=0.2, delays=0.13/0.01/0/0.07, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /home/kas/bin/handle_mail: Permission denied ) # ls -dZ /home/kas /home/kas/bin /home/kas/bin/handle_mail drwx------. kas staff unconfined_u:object_r:user_home_dir_t:s0 /home/kas drwxr-xr-x. kas staff unconfined_u:object_r:home_bin_t:s0 /home/kas/bin -rwx------. kas staff unconfined_u:object_r:home_bin_t:s0 /home/kas/bin/handle_mail # tail /var/log/audit/audit.log |audit2allow #============= postfix_local_t ============== allow postfix_local_t home_bin_t:dir search; Oops, I apologize. I meant "Fixed in selinux-policy-3.9.7-25.fc14". I will build this release later today. selinux-policy-3.9.7-25.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14 selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14 selinux-policy{,targeted}-3.9.7-25.fc14 works for me.
Again, thanks for fast response!
Please update karma. Done, assuming I did it correctly. I did not know about Fedora karma system before, so this is the first fime I have used fedora-easy-karma. Interesting. Yes all updates have to wait a week before being pushed but if we get three thumbs up (Karma +1) it can get pushed earlier. Even if we don't get three having a couple makes us feel better about pushing an update. Thanks for testing. selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |