Description of problem:
On a fully-updated F7 system, with selinux-policy-2.6.4-63.fc7 in permissive mode, I get the following errors when an email is sent by apache (httpd):

Actual results:
avc: denied { append } for comm="postdrop" dev=sda2 egid=90 euid=48 exe="/usr/sbin/postdrop" exit=0 fsgid=90 fsuid=48 gid=48 items=0 path="/var/log/httpd/error_log" pid=28964 scontext=system_u:system_r:postfix_postdrop_t:s0 sgid=90 subj=system_u:system_r:postfix_postdrop_t:s0 suid=48 tclass=file tcontext=root:object_r:httpd_log_t:s0 tty=(none) uid=48

avc: denied { getattr } for comm="postdrop" dev=sda2 egid=90 euid=48 exe="/usr/sbin/postdrop" exit=0 fsgid=90 fsuid=48 gid=48 items=0 path="/var/log/httpd/error_log" pid=28964 scontext=system_u:system_r:postfix_postdrop_t:s0 sgid=90 subj=system_u:system_r:postfix_postdrop_t:s0 suid=48 tclass=file tcontext=root:object_r:httpd_log_t:s0 tty=(none) uid=48

Expected results:
No SELinux denials when apache tries to send emails.

Additional info:
allow_httpd_anon_write --> on
allow_httpd_dbus_avahi --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> on
httpd_builtin_scripting --> on
httpd_can_network_connect --> on
httpd_can_network_connect_db --> on
httpd_can_network_relay --> off
httpd_can_sendmail --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_ssi_exec --> off
httpd_tty_comm --> off
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_nfs --> off

# audit2allow -M mypol -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-2.6.4-66.fc7
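
An added example, not part of the original report and not audit2allow's own code: a Python script that parses the two denials quoted in the report and prints the type-enforcement rule a local module built from them would carry, so the grant can be reviewed before it is loaded. The function names are hypothetical and the rule text only approximates audit2allow's output format.

```python
import re
from collections import defaultdict

# The two denials from the report differ only in the permission, so they are
# rebuilt here from one template holding the fields exactly as posted.
_RECORD = ('avc: denied {{ {perm} }} for comm="postdrop" dev=sda2 egid=90 euid=48 '
           'exe="/usr/sbin/postdrop" exit=0 fsgid=90 fsuid=48 gid=48 items=0 '
           'path="/var/log/httpd/error_log" pid=28964 '
           'scontext=system_u:system_r:postfix_postdrop_t:s0 sgid=90 '
           'subj=system_u:system_r:postfix_postdrop_t:s0 suid=48 tclass=file '
           'tcontext=root:object_r:httpd_log_t:s0 tty=(none) uid=48')
REPORT_DENIALS = [_RECORD.format(perm=p) for p in ("append", "getattr")]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms, path) or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    try:
        # A context is user:role:type[:level]; the type is the third field.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        return src, tgt, fields["tclass"], m.group(1).split(), fields.get("path")
    except (KeyError, IndexError):
        return None  # incomplete record: skip rather than guess

def allow_rules(lines):
    """Merge denials into one allow rule per (source, target, class)."""
    perms, paths = defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        key = rec[:3]
        perms[key].update(rec[3])
        paths[key].add(rec[4])
    return [("allow %s %s:%s { %s };" % (*key, " ".join(sorted(perms[key]))),
             sorted(p for p in paths[key] if p))
            for key in sorted(perms)]

if __name__ == "__main__":
    for rule, seen in allow_rules(REPORT_DENIALS):
        print(rule, " # triggered by:", ", ".join(seen))
```

The rule is keyed on types, so it covers every file labeled httpd_log_t, not only the error_log path that triggered it. Running audit2allow over the whole audit.log also folds in every other denial recorded there, so the generated mypol.te is worth reading before `semodule -i`.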

Bulk closing old selinux policy bugs that were in the modified state. If the bug is still not fixed, please reopen.