Bug 960904
| Summary: | SELinux is preventing /usr/libexec/postfix/smtpd from 'lock' accesses on the file /var/spool/postfix/pid/inet.127.0.0.1:10025. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:b861bfe8a588b395068a127402ffd0070c4528f71c1b6379bb3652c1b01a36a8 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-05-09 08:47:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 960903 *** |
Description of problem: SELinux is preventing /usr/libexec/postfix/smtpd from 'lock' accesses on the file /var/spool/postfix/pid/inet.127.0.0.1:10025. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que smtpd devrait être autorisé à accéder lock sur inet.127.0.0.1:10025 file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep smtpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_smtpd_t:s0 Target Context system_u:object_r:postfix_var_run_t:s0 Target Objects /var/spool/postfix/pid/inet.127.0.0.1:10025 [ file ] Source smtpd Source Path /usr/libexec/postfix/smtpd Port <Inconnu> Host (removed) Source RPM Packages postfix-2.10.0-1.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-41.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.0-0.rc0.git21.1.fc20.x86_64 #1 SMP Tue May 7 19:47:51 UTC 2013 x86_64 x86_64 Alert Count 7 First Seen 2013-05-08 11:27:40 CEST Last Seen 2013-05-08 11:35:14 CEST Local ID c76d08f7-19e8-47e5-881b-21723d927cf5 Raw Audit Messages type=AVC msg=audit(1368005714.251:172): avc: denied { lock } for pid=4527 comm="smtpd" path="/var/spool/postfix/pid/inet.127.0.0.1:10025" dev="dm-0" ino=3024621 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1368005714.251:172): arch=x86_64 syscall=flock success=yes exit=0 a0=8 a1=2 a2=2 a3=0 items=0 ppid=2381 pid=4527 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 ses=4294967295 tty=(none) comm=smtpd exe=/usr/libexec/postfix/smtpd subj=system_u:system_r:postfix_smtpd_t:s0 key=(null) Hash: smtpd,postfix_smtpd_t,postfix_var_run_t,file,lock audit2allow #============= postfix_smtpd_t ============== allow postfix_smtpd_t postfix_var_run_t:file lock; audit2allow -R require { type postfix_smtpd_t; type postfix_var_run_t; class file lock; } #============= postfix_smtpd_t ============== allow postfix_smtpd_t postfix_var_run_t:file lock; Additional info: hashmarkername: setroubleshoot kernel: 3.10.0-0.rc0.git21.1.fc20.x86_64 type: libreport