From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc3 Firefox/1.0.7 Description of problem: Postfix is not able to authenticate using cyrus-sasl because selinux policy denies access to the mux socket. Version-Release number of selected component (if applicable): postfix-2.2.2-2, cyrus-sasl-2.1.20-5, selinux-policy-targeted-1.27.1-2.6 How reproducible: Always Steps to Reproduce: 1. Setup SMTP AUTH (I followed instructions here: http://postfix.state-of-mind.de/patrick.koetter/smtpauth/ but used the existing RPMs provided with Fedora Core. 2. Attempt to authenticate 3. Check audit.log (I used audit2why) and see that it denies access to mux. Actual Results: SMTP AUTH fails because it is not able to access the saslauthd daemon. Expected Results: It should have been able to authenticate and send my e-mail. Additional info: I have worked around it by customizing my SELinux policy, but next time a policy is released, it will break my changes.
This is no prostfix problem, assigning to selinux-prolicy-targeted.
Fixed in selinux-policy-targeted-1.27.1-2.14
Still no worky. Now it is denying write for the mux socket to the postfix daemon. This is what shows up in my audit.log: type=AVC msg=audit(1134082992.536:6821): avc: denied { write } for pid=29186 comm="smtpd" name="mux" dev=dm-0 ino=113 0952 scontext=system_u:system_r:postfix_smtpd_t tcontext=system_u:object_r:var_run_t tclass=sock_file type=SYSCALL msg=audit(1134082992.536:6821): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf8f5bd0 a2=5b6228 a3 =bf8f5c34 items=1 pid=29186 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 comm="smtpd" exe="/usr/libexec/postfix/smtpd" type=SOCKADDR msg=audit(1134082992.536:6821): saddr=01002F7661722F72756E2F7361736C61757468642F6D757800000000000000000000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000 type=SOCKETCALL msg=audit(1134082992.536:6821): nargs=3 a0=10 a1=bf8f801a a2=6e type=PATH msg=audit(1134082992.536:6821): item=0 flags=1 inode=1130952 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 And this is what audit2allow says should be added: allow postfix_smtpd_t var_run_t:sock_file write;
Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed
Just tested again and it is working as of selinux-policy-targeted-1.27.1-2.28