Bug 431240 - Postfix default SELinux policy generates SE alerts.
Postfix default SELinux policy generates SE alerts.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.1
All Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-01 13:06 EST by Michael Meador
Modified: 2008-05-21 12:06 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2008-0465
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 12:06:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michael Meador 2008-02-01 13:06:59 EST
Description of problem:
I get these two se alerts when postfix is started.

SELinux is preventing /usr/libexec/postfix/pickup (postfix_pickup_t) "create" to
(postfix_pickup_t).

SELinux is preventing /usr/libexec/postfix/qmgr (postfix_qmgr_t) "create" to
(postfix_qmgr_t).


Version-Release number of selected component (if applicable):
5.0 and 5.1 / i386 and x86_64


How reproducible:
Everytime the postfix service is started.

Steps to Reproduce:
1. Install postfix from distribution sources or rhn( either during the
installation or later with yum/rpm )
2. Start the service
  
Actual results:
Service starts but generates the SELinux policy errors described above.

Expected results:
No errors.
Comment 1 Daniel Walsh 2008-02-02 00:11:19 EST
Please attach the avc messages from /var/log/audit/audit.log

Also please try out the U2 policy, preview available on 

http://people.redhat.com/dwalsh/SELinux/RHEL5
Comment 2 Daniel Walsh 2008-03-05 17:06:15 EST
I believe this is fixed in the U2 policy.

Fixed in selinux-policy-2.4.6-124.el5
Comment 3 RHEL Product and Program Management 2008-03-05 17:07:21 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 6 Eduard Benes 2008-04-02 04:34:12 EDT
Michael, could you please try the latest policy and reply whether it works for 
you? In case you still get alerts, please post the AVC messages. Thank you.

Latest packages are available here:

  http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
Comment 8 errata-xmlrpc 2008-05-21 12:06:49 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0465.html

Note You need to log in before you can comment on or make changes to this bug.