Bug 773076 - SELinux prevents postfix smtp from writing to /dev/log
Summary: SELinux prevents postfix smtp from writing to /dev/log
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: x86_64
OS: Linux
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-01-10 20:55 UTC by Daniel Smith
Modified: 2012-01-11 21:14 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-11 21:14:13 UTC
Target Upstream Version:



Description Daniel Smith 2012-01-10 20:55:32 UTC
Description of problem: Under normal conditions the postfix smtp process logs each message sent and received to the server by writing to /dev/log. However, due to SELinux policies, smtp is denied permission to write to /dev/log:

type=AVC msg=audit(1326226879.466:26702): avc:  denied  { write } for  pid=2551 comm="smtpd" name="log" dev=devtmpfs ino=11115 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file

type=SYSCALL msg=audit(1326226879.466:26702): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f9c96e321a0 a2=6e a3=1 items=0 ppid=1508 pid=2551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smtpd" exe="/usr/libexec/postfix/smtpd" subj=system_u:system_r:postfix_smtpd_t:s0 key=(null)

As a result, no records of sent or received messages are sent. No postfix processes are running chrooted.

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-126.el6_2.4

How reproducible:
Basic installation of rhel 6.2 and postfix.

Steps to Reproduce:
1. Install rhel 6.2
2. Install postfix and configure for basic mailserver.
  
Actual results:
Mail logs are bare and contain only messages from more privileged postfix processes, such as postsuper.

Expected results:
Mail logs should contain messages from smtp as well, to record mails sent and received.

Comment 2 Daniel Walsh 2012-01-10 21:32:00 UTC
The problem is /dev/log is mislabeled. Were you playing around with the syslog program running it by hand?

Comment 3 Daniel Smith 2012-01-10 21:58:53 UTC
(In reply to comment #2)
> The problem is /dev/log is mislabeled. Were you playing around with the syslog
> program running it by hand?

In the process of troubleshooting this issue I stopped and started the syslog-ng process a few times. Otherwise, however, I haven't made any changes to /dev/log. Might that have been the cause? What should the label on /dev/log be?

Thanks!

Comment 4 Milos Malik 2012-01-11 08:08:21 UTC
matchpathcon says that /dev/log should be labelled devlog_t

# matchpathcon /dev/log
/dev/log        system_u:object_r:devlog_t:s0

and selinux-policy-targeted contains a rule which allows a process running as postfix_smtpd_t to write into a socket file which is labelled devlog_t

# sesearch -s postfix_smtpd_t -t devlog_t -c sock_file -p write --allow
Found 1 semantic av rules:
   allow postfix_smtpd_t devlog_t : sock_file { write getattr append open } ;

Comment 5 Miroslav Grepl 2012-01-11 10:32:58 UTC
Daniel,
what does

$ ps -eZ | grep syslog

If you execute

$ restorecon -R -v /dev/log

it will fix it.

Comment 6 Daniel Smith 2012-01-11 20:46:24 UTC
(In reply to comment #5)
> Daniel,
> what does
> 
> $ ps -eZ | grep syslog
> 
> If you execute
> 
> $ restorecon -R -v /dev/log
> 
> it will fix it.

So, upon executing restorecon -R -v /dev/log, we found that indeed the context changed to system_u:object_r:devlog_t:s0. Apparently our installation of syslog-ng had inappropriate contexts, as syslog had the context system_u:system_r:initrc_t. We've since replaced our installation of syslog with an appropriate one that has the proper context.

Thank you all for your time and help.
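
The triage that comments 2 through 6 walk through by hand (read the AVC record, compare the target's actual type with what matchpathcon expects, and only then decide between "mislabeled file" and "missing policy rule") can be automated over audit.log output. The following is an added example, not code from the bug or from selinux-policy; the sample records are constructed from the denial in the description plus one made-up contrast record, and the expected-type table is filled from the matchpathcon output in comment 4.

```python
import re

# Constructed sample: the AVC record from this report plus a made-up second
# denial that is a genuine policy gap rather than a mislabel.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1326226879.466:26702): avc:  denied  { write } for  pid=2551 comm="smtpd" name="log" dev=devtmpfs ino=11115 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1326226879.466:26702): arch=c000003e syscall=42 success=no exit=-13 comm="smtpd" exe="/usr/libexec/postfix/smtpd"
type=AVC msg=audit(1326226900.000:26710): avc:  denied  { read } for  pid=2600 comm="smtpd" name="shadow" dev=dm-0 ino=1234 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

# Expected type per object name, as matchpathcon reports it (from comment 4).
# On a live system this table would be built by running matchpathcon itself.
EXPECTED_TYPES = {"log": "devlog_t"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r'\{\s*([^}]*)\}')


def parse_avc(line):
    """Return the key=value fields of a type=AVC record (quotes stripped),
    plus the list of denied permissions; None for other record types."""
    if not line.startswith("type=AVC"):
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    m = PERMS_RE.search(line)
    fields["perms"] = m.group(1).split() if m else []
    return fields


def selinux_type(context):
    """user:role:type:level -> type (the part policy rules are written against)."""
    return context.split(":")[2]


def classify(avc):
    """Mislabel if the target's type differs from the type matchpathcon expects
    for that name; otherwise a plain policy denial to be reviewed on its own."""
    actual = selinux_type(avc["tcontext"])
    expected = EXPECTED_TYPES.get(avc.get("name"))
    if expected and actual != expected:
        return "mislabel", f'{avc["name"]} is {actual}, expected {expected}: run restorecon'
    return "policy", f'{selinux_type(avc["scontext"])} denied {" ".join(avc["perms"])} on {avc["tclass"]} {actual}'


def triage(audit_text):
    """Yield (comm, verdict, detail) for every AVC record in the input."""
    return [(avc["comm"], *classify(avc))
            for avc in map(parse_avc, audit_text.splitlines()) if avc]


if __name__ == "__main__":
    for comm, verdict, detail in triage(SAMPLE_AUDIT):
        print(f"{comm}: {verdict}: {detail}")
```

Feeding the real output of `ausearch -m avc` through `triage` separates relabel candidates from denials that actually need a policy change, which is exactly the distinction this bug turned on.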
