Red Hat Bugzilla – Bug 215899
SELinux is preventing /usr/sbin/postmap (postfix_map_t) "search" to nscd (nscd_var_run_t).
Last modified: 2007-11-30 17:11:49 EST
Description of problem: Version-Release number of selected component (if applicable): When running postmap on /etc/postfix/transport I get this SELinux denial: avc: denied { search } for comm='"postmap"' dev='dm-1' egid='0' euid='0' exe='"/usr/sbin/postmap"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0' name='"nscd"' pid='10332' scontext=user_u:system_r:postfix_map_t:s0 sgid='0' subj='user_u:system_r:postfix_map_t:s0' suid='0' tclass='dir' tcontext=system_u:object_r:nscd_var_run_t:s0 tty='(none)' uid='0' How reproducible: 100% Steps to Reproduce: 1.change /etc/postfix/transport 2.run this Makefile %.db : % postmap $< DBASES = sasl_passwd.db sender_canonical.db tls_servers.db transport.db virtual.db all: $(DBASES) postfix reload postfix check clean: rm $(DBASES) 3. setroubleshoot baloon will pop up Actual results: .db file is created, but SELinux denial is reported as well (I am not sure, what exact consequences it has for usability of postfix, when the .db file is really creaeted). Expected results: There should be no SELinux issue Additional info:
Moreover, the content of .db file seems to be correct: Python 2.4.4 (#1, Oct 23 2006, 13:58:00) [GCC 4.1.1 20061011 (Red Hat 4.1.1-30)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import anydbm >>> d=anydbm.open("transport.db","r") >>> d {'redhat.com\x00': 'smtp:[pobox.stuttgart.redhat.com]\x00', '.vysocina\x00': ':\x00', '*\x00': 'smtp:[smtp.seznam.cz:995]\x00', 'localhost\x00': ':\x00'} >>>
Fixed in selinux-policy-2.4.5-1
Fixed in current release