Description of problem:
Running in permissive mode. Our main mail server automounts home directories locally (bind mounts). We're seeing:

type=AVC msg=audit(1161365921.208:29404): avc: denied { search } for pid=15109 comm="procmail" name="/" dev=autofs ino=6125 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:autofs_t:s0 tclass=dir

Not sure if this would actually break procmail in enforcing mode, but I'm guessing it would.

Version-Release number of selected component (if applicable):
selinux-policy-2.3.7-2.fc5

I have the same problem, but I "manually" mount /home. The boolean use_nfs_home_dirs is set to "on". FC6, selinux-policy-targeted-2.3.18-10.

type=AVC msg=audit(1162167146.347:183): avc: denied { search } for pid=2586 comm="local" name="" dev=0:10 ino=884737 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1162167146.347:183): arch=14 syscall=196 success=yes exit=-13 a0=8080c00 a1=7fb40258 a2=7fb403f0 a3=1f4 items=0 ppid=1970 pid=2586 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) comm="local" exe="/usr/libexec/postfix/local" subj=system_u:system_r:postfix_local_t:s0 key=(null)

See bug #212893 (RAWHIDE)?
(In reply to comment #2)
> See bug #212893 (RAWHIDE)?

May be your issue (tcontext=nfs_t), but not exactly mine (tcontext=autofs_t).

You can use audit2allow -M local < /var/log/messages to generate local policy to make this work. I am fixing in rawhide/FC6/RHEL5 and hope to backport to FC5.
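
What the audit2allow step suggested above works out to for the two denials in this report, as an added Python sketch (not audit2allow's own code and not part of the original comments). It extracts source type, target type, class and permission from each AVC record and renders the allow rules for review; the function names are illustrative.

```python
import re
from collections import defaultdict

# The two AVC denials quoted in this thread (the SYSCALL record is omitted).
SAMPLE_LOG = """\
type=AVC msg=audit(1161365921.208:29404): avc: denied { search } for pid=15109 comm="procmail" name="/" dev=autofs ino=6125 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:autofs_t:s0 tclass=dir
type=AVC msg=audit(1162167146.347:183): avc: denied { search } for pid=2586 comm="local" name="" dev=0:10 ino=884737 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+).*?tcontext=(?P<tcon>\S+).*?tclass=(?P<tclass>\w+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed context: {context!r}")
    return parts[2]

def denials_to_rules(log_text):
    """Merge denials into {(source_type, target_type, class): {perms}}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (for example a SYSCALL record)
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def render_rules(rules):
    """Render allow statements in policy syntax so they can be reviewed."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return out

if __name__ == "__main__":
    print("\n".join(render_rules(denials_to_rules(SAMPLE_LOG))))
```

Because every denial in the input becomes a rule, feeding a whole log file in grants everything that was denied in it; reading the generated rules before loading the module keeps the local policy limited to the accesses that are actually intended.
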
Closing bugs