Bug 467137 - postfix no longer works with the latest selinux
Summary: postfix no longer works with the latest selinux
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted
Version: 5.2
Hardware: All
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact: BaseOS QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-10-15 22:10 UTC by Levente Farkas
Modified: 2014-06-10 16:19 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-02 13:00:54 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Levente Farkas 2008-10-15 22:10:50 UTC
this bug still exists in selinux-policy-targeted-2.4.6-163.el5:
 
 # audit2allow -i /var/log/audit/audit.log
 
 
 #============= postfix_postdrop_t ==============
 allow postfix_postdrop_t sendmail_t:unix_stream_socket getattr;
 
 ---------------------------------------------
 type=AVC msg=audit(1223863321.803:4945): avc:  denied  { getattr } for
 pid=21205 comm="postdrop" path="socket:[5532294]" dev=sockfs ino=5532294
 scontext=user
 _u:system_r:postfix_postdrop_t:s0 tcontext=user_u:system_r:sendmail_t:s0
 tclass=unix_stream_socket
 type=SYSCALL msg=audit(1223863321.803:4945): arch=c000003e syscall=5
 success=no exit=-13 a0=0 a1=7fff16012cd0 a2=7fff16012cd0 a3=0 items=0
 ppid=21198 pid=2120
 5 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=90 sgid=90 fsgid=90
 tty=(none) ses=475 comm="postdrop" exe="/usr/sbin/postdrop"
 subj=user_u:system_r:postfix_p
 ostdrop_t:s0 key=(null)
 type=AVC msg=audit(1223863321.803:4946): avc:  denied  { getattr } for
 pid=21205 comm="postdrop" path="socket:[5532294]" dev=sockfs ino=5532294
 scontext=user
 _u:system_r:postfix_postdrop_t:s0 tcontext=user_u:system_r:sendmail_t:s0
 tclass=unix_stream_socket
 ---------------------------------------------

Comment 1 Daniel Walsh 2008-10-16 17:53:01 UTC
Fixed in selinux-policy-2.4.6-166.el5

Comment 2 Levente Farkas 2008-10-16 21:34:23 UTC
and where is it?

Comment 3 Daniel Walsh 2008-10-16 21:52:26 UTC
http://people.redhat.com/dwalsh/SELinux/RHEL5

Comment 4 Levente Farkas 2008-10-16 22:17:14 UTC
but just now:-)
and still some strange output:
  Updating  : selinux-policy               ######################### [1/6] 
  Updating  : selinux-policy-devel         ######################### [2/6] 
Syntax error on line 1 ; [type=SEMI]
  Updating  : selinux-policy-targeted      ######################### [3/6]

Comment 5 Daniel Walsh 2008-10-17 19:59:02 UTC
You can ignore that error it will be fixed in 167, the policy should work properly.

Comment 6 Levente Farkas 2009-02-02 20:08:03 UTC
please close this bug

Comment 7 Levente Farkas 2009-04-21 23:23:55 UTC
ping?

Comment 8 Daniel Walsh 2009-04-22 11:30:43 UTC
Yes?

Comment 9 Levente Farkas 2009-04-22 12:22:40 UTC
would you close this bug? it's fixed a long ago!

Comment 10 Daniel Walsh 2009-04-22 12:25:25 UTC
VERIFIED is the same as closed from our point of view.  I believe I am not supposed to close RHEL5 bugs.

Comment 11 Levente Farkas 2009-04-22 12:33:47 UTC
imho only the owner (and some rh administer) can close a bug (ie. i can't). all of my other bug is closed as nextrelease (in this case current release). so you can do it.

Comment 12 Levente Farkas 2010-10-29 20:14:58 UTC
anybody can close this bug???

Comment 13 RHEL Program Management 2014-03-07 13:32:03 UTC
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.

Comment 14 RHEL Program Management 2014-06-02 13:00:54 UTC
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).


Note You need to log in before you can comment on or make changes to this bug.