Bug 215899 - SELinux is preventing /usr/sbin/postmap (postfix_map_t) "search" to nscd (nscd_var_run_t).
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2006-11-16 04:54 EST by Matěj Cepl
Modified: 2007-11-30 17:11 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-08-22 10:13:59 EDT
Description Matěj Cepl 2006-11-16 04:54:18 EST
Description of problem:


Version-Release number of selected component (if applicable):
When running postmap on /etc/postfix/transport I get this SELinux denial:

avc: denied { search } for comm='"postmap"' dev='dm-1' egid='0' euid='0'
exe='"/usr/sbin/postmap"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0'
name='"nscd"' pid='10332' scontext=user_u:system_r:postfix_map_t:s0 sgid='0'
subj='user_u:system_r:postfix_map_t:s0' suid='0' tclass='dir'
tcontext=system_u:object_r:nscd_var_run_t:s0 tty='(none)' uid='0' 

How reproducible:
100%

Steps to Reproduce:
1. change /etc/postfix/transport
2. run this Makefile

%.db : %
        postmap $<

DBASES = sasl_passwd.db sender_canonical.db tls_servers.db transport.db virtual.db

all: $(DBASES)
        postfix reload
        postfix check

clean:
        rm $(DBASES)

3. setroubleshoot balloon will pop up
  
Actual results:
.db file is created, but SELinux denial is reported as well (I am not sure what
exact consequences it has for usability of postfix, when the .db file is really
created).

Expected results:
There should be no SELinux issue

Additional info:
Comment 1 Matěj Cepl 2006-11-16 04:57:40 EST
Moreover, the content of .db file seems to be correct:

Python 2.4.4 (#1, Oct 23 2006, 13:58:00) 
[GCC 4.1.1 20061011 (Red Hat 4.1.1-30)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import anydbm
>>> d=anydbm.open("transport.db","r")
>>> d
{'redhat.com\x00': 'smtp:[pobox.stuttgart.redhat.com]\x00', '.vysocina\x00':
':\x00', '*\x00': 'smtp:[smtp.seznam.cz:995]\x00', 'localhost\x00': ':\x00'}
>>>
Comment 2 Daniel Walsh 2006-11-17 14:19:59 EST
Fixed in selinux-policy-2.4.5-1
Comment 3 Daniel Walsh 2007-08-22 10:13:59 EDT
Fixed in current release
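
An added example, not part of the original bug thread and not the change that shipped in selinux-policy: a small Python parser for the setroubleshoot-style AVC record quoted in the description. It extracts the source type, target type, object class and permission, and renders them as a candidate type-enforcement rule for a policy maintainer to review. The function names are illustrative.

```python
import re

# AVC record copied from the description above (setroubleshoot key='value' layout).
AVC = """avc: denied { search } for comm='"postmap"' dev='dm-1' egid='0' euid='0'
exe='"/usr/sbin/postmap"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0'
name='"nscd"' pid='10332' scontext=user_u:system_r:postfix_map_t:s0 sgid='0'
subj='user_u:system_r:postfix_map_t:s0' suid='0' tclass='dir'
tcontext=system_u:object_r:nscd_var_run_t:s0 tty='(none)' uid='0'"""


def parse_avc(record):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    head = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}", record)
    if head is None:
        return None
    fields = {"result": head.group(1), "perms": head.group(2).split()}
    # Values are 'single-quoted' (sometimes wrapping "double quotes") or bare.
    for key, quoted, bare in re.findall(r"(\w+)=(?:'([^']*)'|(\S+))", record):
        fields[key] = (quoted or bare).strip('"')
    return fields


def context_type(context):
    """Extract the type field from a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]


def te_rule(fields):
    """Render the denied access as a candidate allow rule (for review, not a fix)."""
    src = context_type(fields["scontext"])
    tgt = context_type(fields["tcontext"])
    perms = fields["perms"]
    perm_txt = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (src, tgt, fields["tclass"], perm_txt)


if __name__ == "__main__":
    f = parse_avc(AVC)
    print("%s (%s) was %s %s on %s '%s'" % (
        f["comm"], f["exe"], f["result"], ",".join(f["perms"]),
        f["tclass"], f["name"]))
    print(te_rule(f))
```

The rendered rule only names the access that was denied; whether to allow it or silence it with dontaudit is a policy decision.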
