Description of problem:
Installed the latest selinux policy, and zarafa seems to still be missing a few things.

Version-Release number of selected component (if applicable):
2.4.6-327.el5

How reproducible:
100%

Steps to Reproduce:
1. Install 2.4.6-327.el5
2. Do stuff with Zarafa
3.

Actual results:
audit2allow output:

#============= postfix_pipe_t ==============
allow postfix_pipe_t zarafa_deliver_exec_t:file { read execute execute_no_trans };
allow postfix_pipe_t zarafa_server_t:unix_stream_socket connectto;
allow postfix_pipe_t zarafa_server_var_run_t:sock_file write;

Expected results:
Zarafa should not have issues.

Additional info:
I see there are some booleans, but the only one that makes sense is:

zarafa_deliver_disable_trans --> off

With it set to "on" (which doesn't make sense), I still have the same issues. Please let me know what other information is required.
Could you attach AVC msgs for these rules? Thank you.
Sorry that this took me forever.

[root /usr/share/selinux]$ ausearch -m avc -ts 01/28/2013 02:03:00
----
time->Mon Jan 28 02:03:34 2013
type=SYSCALL msg=audit(1359338614.861:19724): arch=c000003e syscall=59 success=yes exit=0 a0=2b9107c8a910 a1=2b9107c8a980 a2=2b9107c8a820 a3=0 items=0 ppid=29672 pid=29673 auid=501 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=93 comm="zarafa-dagent" exe="/usr/bin/zarafa-dagent" subj=user_u:system_r:postfix_pipe_t:s0 key=(null)
type=AVC msg=audit(1359338614.861:19724): avc: denied { read } for pid=29673 comm="pipe" path="/usr/bin/zarafa-dagent" dev=dm-0 ino=132205 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:zarafa_deliver_exec_t:s0 tclass=file
type=AVC msg=audit(1359338614.861:19724): avc: denied { execute_no_trans } for pid=29673 comm="pipe" path="/usr/bin/zarafa-dagent" dev=dm-0 ino=132205 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:zarafa_deliver_exec_t:s0 tclass=file
type=AVC msg=audit(1359338614.861:19724): avc: denied { execute } for pid=29673 comm="pipe" name="zarafa-dagent" dev=dm-0 ino=132205 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:zarafa_deliver_exec_t:s0 tclass=file
----
time->Mon Jan 28 02:03:34 2013
type=SYSCALL msg=audit(1359338614.990:19725): arch=c000003e syscall=42 success=yes exit=0 a0=5 a1=7fff911e9840 a2=6e a3=1 items=0 ppid=29672 pid=29673 auid=501 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=93 comm="zarafa-dagent" exe="/usr/bin/zarafa-dagent" subj=user_u:system_r:postfix_pipe_t:s0 key=(null)
type=AVC msg=audit(1359338614.990:19725): avc: denied { connectto } for pid=29673 comm="zarafa-dagent" path="/var/run/zarafa" scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=user_u:system_r:zarafa_server_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1359338614.990:19725): avc: denied { write } for pid=29673 comm="zarafa-dagent" name="zarafa" dev=dm-0 ino=385461 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=user_u:object_r:zarafa_server_var_run_t:s0 tclass=sock_file
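
Added example, not part of the original report and not code from the selinux-policy or audit tools: Python that groups the AVC denials from the ausearch output above by source type, target type and class, which yields the same three allow rules audit2allow printed, and lists the execute_no_trans denial showing that zarafa-dagent ran in postfix_pipe_t with no domain transition. The function names are assumptions made for this example, and permissions are sorted alphabetically, so their order differs from audit2allow's.

```python
import re
from collections import defaultdict

# AVC records copied from the ausearch output in this report (SYSCALL lines left out).
SAMPLE = """\
----
time->Mon Jan 28 02:03:34 2013
type=AVC msg=audit(1359338614.861:19724): avc: denied { read } for pid=29673 comm="pipe" path="/usr/bin/zarafa-dagent" dev=dm-0 ino=132205 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:zarafa_deliver_exec_t:s0 tclass=file
type=AVC msg=audit(1359338614.861:19724): avc: denied { execute_no_trans } for pid=29673 comm="pipe" path="/usr/bin/zarafa-dagent" dev=dm-0 ino=132205 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:zarafa_deliver_exec_t:s0 tclass=file
type=AVC msg=audit(1359338614.861:19724): avc: denied { execute } for pid=29673 comm="pipe" name="zarafa-dagent" dev=dm-0 ino=132205 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:zarafa_deliver_exec_t:s0 tclass=file
type=AVC msg=audit(1359338614.990:19725): avc: denied { connectto } for pid=29673 comm="zarafa-dagent" path="/var/run/zarafa" scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=user_u:system_r:zarafa_server_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1359338614.990:19725): avc: denied { write } for pid=29673 comm="zarafa-dagent" name="zarafa" dev=dm-0 ino=385461 scontext=user_u:system_r:postfix_pipe_t:s0 tcontext=user_u:object_r:zarafa_server_var_run_t:s0 tclass=sock_file
"""

# Captures: permission list, source context, target context, object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Merge denials by (source type, target type, class) into allow rules."""
    perms = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        key = (selinux_type(m.group(2)), selinux_type(m.group(3)), m.group(4))
        perms[key].update(m.group(1).split())
    rules = []
    for (src, tgt, cls), granted in sorted(perms.items()):
        names = sorted(granted)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

def untransitioned_execs(log_text):
    """(source, target) type pairs where a binary ran in the caller's own domain."""
    return sorted({(selinux_type(m.group(2)), selinux_type(m.group(3)))
                   for m in AVC_RE.finditer(log_text)
                   if "execute_no_trans" in m.group(1).split()})

if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE)))
    print("no domain transition:", untransitioned_execs(SAMPLE))
```
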
This one issue should be fixed in RHEL-6; therefore, I am closing the bug as NEXTRELEASE.