Bug 467137 - postfix no longer works with the latest selinux
postfix no longer works with the latest selinux
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
5.2
All Linux
medium Severity high
: rc
: ---
Assigned To: Daniel Walsh
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-15 18:10 EDT by Levente Farkas
Modified: 2014-06-10 12:19 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-02 09:00:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Levente Farkas 2008-10-15 18:10:50 EDT
this bug still exists in selinux-policy-targeted-2.4.6-163.el5:
 
 # audit2allow -i /var/log/audit/audit.log
 
 
 #============= postfix_postdrop_t ==============
 allow postfix_postdrop_t sendmail_t:unix_stream_socket getattr;
 
 ---------------------------------------------
 type=AVC msg=audit(1223863321.803:4945): avc:  denied  { getattr } for
 pid=21205 comm="postdrop" path="socket:[5532294]" dev=sockfs ino=5532294
 scontext=user
 _u:system_r:postfix_postdrop_t:s0 tcontext=user_u:system_r:sendmail_t:s0
 tclass=unix_stream_socket
 type=SYSCALL msg=audit(1223863321.803:4945): arch=c000003e syscall=5
 success=no exit=-13 a0=0 a1=7fff16012cd0 a2=7fff16012cd0 a3=0 items=0
 ppid=21198 pid=2120
 5 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=90 sgid=90 fsgid=90
 tty=(none) ses=475 comm="postdrop" exe="/usr/sbin/postdrop"
 subj=user_u:system_r:postfix_p
 ostdrop_t:s0 key=(null)
 type=AVC msg=audit(1223863321.803:4946): avc:  denied  { getattr } for
 pid=21205 comm="postdrop" path="socket:[5532294]" dev=sockfs ino=5532294
 scontext=user
 _u:system_r:postfix_postdrop_t:s0 tcontext=user_u:system_r:sendmail_t:s0
 tclass=unix_stream_socket
 ---------------------------------------------
Comment 1 Daniel Walsh 2008-10-16 13:53:01 EDT
Fixed in selinux-policy-2.4.6-166.el5
Comment 2 Levente Farkas 2008-10-16 17:34:23 EDT
and where is it?
Comment 3 Daniel Walsh 2008-10-16 17:52:26 EDT
http://people.redhat.com/dwalsh/SELinux/RHEL5
Comment 4 Levente Farkas 2008-10-16 18:17:14 EDT
but just now:-)
and still some strange output:
  Updating  : selinux-policy               ######################### [1/6] 
  Updating  : selinux-policy-devel         ######################### [2/6] 
Syntax error on line 1 ; [type=SEMI]
  Updating  : selinux-policy-targeted      ######################### [3/6]
Comment 5 Daniel Walsh 2008-10-17 15:59:02 EDT
You can ignore that error it will be fixed in 167, the policy should work properly.
Comment 6 Levente Farkas 2009-02-02 15:08:03 EST
please close this bug
Comment 7 Levente Farkas 2009-04-21 19:23:55 EDT
ping?
Comment 8 Daniel Walsh 2009-04-22 07:30:43 EDT
Yes?
Comment 9 Levente Farkas 2009-04-22 08:22:40 EDT
would you close this bug? it's fixed a long ago!
Comment 10 Daniel Walsh 2009-04-22 08:25:25 EDT
VERIFIED is the same as closed from our point of view.  I believe I am not supposed to close RHEL5 bugs.
Comment 11 Levente Farkas 2009-04-22 08:33:47 EDT
imho only the owner (and some rh administer) can close a bug (ie. i can't). all of my other bug is closed as nextrelease (in this case current release). so you can do it.
Comment 12 Levente Farkas 2010-10-29 16:14:58 EDT
anybody can close this bug???
Comment 13 RHEL Product and Program Management 2014-03-07 08:32:03 EST
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Comment 14 RHEL Product and Program Management 2014-06-02 09:00:54 EDT
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).

Note You need to log in before you can comment on or make changes to this bug.