Description of problem: I was trying to run mailq on my laptop, with postfix running SELinux is preventing /usr/libexec/postfix/showq from read, write access on the file /var/spool/postfix/pid/unix.showq. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que showq devrait être autorisé à accéder read write sur unix.showq file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep showq /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_showq_t:s0 Target Context system_u:object_r:postfix_var_run_t:s0 Target Objects /var/spool/postfix/pid/unix.showq [ file ] Source showq Source Path /usr/libexec/postfix/showq Port <Inconnu> Host (removed) Source RPM Packages postfix-2.10.0-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-39.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.0-301.fc19.x86_64 #1 SMP Mon Apr 29 13:44:05 UTC 2013 x86_64 x86_64 Alert Count 5 First Seen 2013-05-04 21:54:24 CEST Last Seen 2013-05-04 21:57:50 CEST Local ID dcfcf1f2-a0db-4bac-b011-cc25d715c7fe Raw Audit Messages type=AVC msg=audit(1367697470.706:2394): avc: denied { read write } for pid=30929 comm="showq" name="unix.showq" dev="dm-2" ino=2370110 scontext=system_u:system_r:postfix_showq_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file type=SYSCALL msg=audit(1367697470.706:2394): arch=x86_64 syscall=open success=no exit=EACCES a0=7f9e2714c410 a1=2 a2=0 a3=ffffff80 items=0 ppid=30900 pid=30929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=showq exe=/usr/libexec/postfix/showq subj=system_u:system_r:postfix_showq_t:s0 key=(null) Hash: showq,postfix_showq_t,postfix_var_run_t,file,read,write audit2allow #============= postfix_showq_t ============== allow postfix_showq_t postfix_var_run_t:file { read write }; audit2allow -R require { type postfix_showq_t; type postfix_var_run_t; class file { read write }; } #============= postfix_showq_t ============== allow postfix_showq_t postfix_var_run_t:file { read write }; Additional info: hashmarkername: setroubleshoot kernel: 3.9.0-301.fc19.x86_64 type: libreport
Also, it need others access than read and write, as seen by further observation : getattr, lock
commit c0a2702c37207d85cec8bd01ba519781c0dd30d2 Author: Miroslav Grepl <mgrepl> Date: Mon May 6 09:48:49 2013 +0200 Allow postfix-showq to read/write unix.showq in /var/spool/postfix/pid
selinux-policy-3.12.1-47.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-47.fc19
Package selinux-policy-3.12.1-47.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-47.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-9565/selinux-policy-3.12.1-47.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-47.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.