Description of problem:
selinux is showing a lot of errors postfix related. see below. (sorry for the noise, but i have no idea which is useful and which is not)

Version-Release number of selected component (if applicable):
# rpm -q postfix
postfix-2.4.5-2.fc8
# rpm -q selinux-policy
selinux-policy-3.0.8-98.fc8

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

Summary
SELinux is preventing pickup (postfix_pickup_t) "getattr" to /etc/postfix/main.cf (httpd_sys_content_t).

Detailed Description
SELinux denied access requested by pickup. It is not expected that this access is required by pickup and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /etc/postfix/main.cf,

restorecon -v '/etc/postfix/main.cf'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.
Additional Information

Source Context: system_u:system_r:postfix_pickup_t
Target Context: system_u:object_r:httpd_sys_content_t
Target Objects: /etc/postfix/main.cf [ file ]
Source: pickup
Source Path: /usr/libexec/postfix/pickup
Port: <Unknown>
Host: guzu.shacknet.nu
Source RPM Packages: postfix-2.4.5-2.fc8
Target RPM Packages: postfix-2.4.5-2.fc8
Policy RPM: selinux-policy-3.0.8-98.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall_file
Host Name: guzu.shacknet.nu
Platform: Linux guzu.shacknet.nu 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT 2008 i686 athlon
Alert Count: 42
First Seen: Vi 02 mai 2008 12:28:05 +0000
Last Seen: Vi 02 mai 2008 13:11:49 +0000
Local ID: a4471e75-f401-4f11-97d7-df961e1885b6
Line Numbers:

Raw Audit Messages:

host=guzu.shacknet.nu type=AVC msg=audit(1209723109.20:127): avc: denied { getattr } for pid=13739 comm="pickup" path="/etc/postfix/main.cf" dev=sda1 ino=264626 scontext=system_u:system_r:postfix_pickup_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file

host=guzu.shacknet.nu type=SYSCALL msg=audit(1209723109.20:127): arch=40000003 syscall=197 success=no exit=-13 a0=8 a1=bfe85e90 a2=60aff4 a3=3 items=0 ppid=3189 pid=13739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pickup" exe="/usr/libexec/postfix/pickup" subj=system_u:system_r:postfix_pickup_t:s0 key=(null)
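
Added example (not part of the original report and not sealert's code): a small triage script that parses AVC records like the one above and flags denials that look like a labeling problem rather than missing policy, which is the case where restorecon is the right first step. The family() prefix rule, the looks_mislabeled() heuristic and the second sample record are assumptions made for illustration.

```python
import re

# AVC record copied from the raw audit messages in the report above.
REPORTED = ('type=AVC msg=audit(1209723109.20:127): avc: denied { getattr } for '
            'pid=13739 comm="pickup" path="/etc/postfix/main.cf" dev=sda1 '
            'ino=264626 scontext=system_u:system_r:postfix_pickup_t:s0 '
            'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file')
# Constructed counter-example: the label matches the path, so relabeling is no fix.
CONSTRUCTED = ('type=AVC msg=audit(1209723200.10:130): avc: denied { read } for '
               'pid=13740 comm="pickup" path="/var/www/html/index.html" dev=sda1 '
               'ino=300001 scontext=system_u:system_r:postfix_pickup_t:s0 '
               'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def family(setype):
    # Assumption: the text before the first "_" names the policy module.
    return setype.split('_', 1)[0]

def looks_mislabeled(rec):
    """Heuristic (not sealert's logic): the path sits in the source domain's own
    directory, yet the file carries a type from another policy family."""
    src, tgt = family(rec['stype']), family(rec['ttype'])
    return (rec.get('tclass') in ('file', 'dir') and src != tgt
            and f'/{src}/' in rec.get('path', ''))

def restorecon_candidates(lines):
    """Paths worth checking with restorecon -v, in first-seen order."""
    recs = filter(None, map(parse_avc, lines))
    return list(dict.fromkeys(r['path'] for r in recs if looks_mislabeled(r)))

if __name__ == '__main__':
    for path in restorecon_candidates([REPORTED, CONSTRUCTED]):
        print(f"restorecon -v '{path}'")
```
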
Created attachment 306523 [details] postfix errors 1
Created attachment 306524 [details] postfix errors 2
for the above errors,

$ rpm -q selinux-policy
selinux-policy-3.3.1-51.fc9.noarch

and system was autorelabeled several times. i'll report more after a newer selinux-policy is available. and, the fedora 9 system is the old f8 system yum upgraded.
$ rpm -q selinux-policy
selinux-policy-3.3.1-55.fc9.noarch

seems to fix the error. thanks a lot dwalsh! (maybe the fact that i've deleted by hand all files on /tmp (as you suggested) helped some way ... anyway i have no more errors now.)
Ok, closing as selinux-policy errata.