Bug 961660 - SELinux is preventing /usr/libexec/postfix/cleanup from read, write access on the file /var/spool/postfix/pid/unix.cleanup.
Summary: SELinux is preventing /usr/libexec/postfix/cleanup from read, write access on...
Keywords:
Status: CLOSED DUPLICATE of bug 960894
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 19
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:c4778184ef63297b97f3c9180db...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-10 08:12 UTC by Grosswiler Roger
Modified: 2013-05-10 08:43 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-05-10 08:43:51 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Grosswiler Roger 2013-05-10 08:12:46 UTC 
Description of problem:
SELinux is preventing /usr/libexec/postfix/cleanup from read, write access on the file /var/spool/postfix/pid/unix.cleanup.

*****  Plugin catchall (100. confidence) suggests  ***************************

If sie denken, dass es cleanup standardmässig erlaubt sein sollte, read write Zugriff auf unix.cleanup file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep cleanup /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:postfix_cleanup_t:s0
Target Context                system_u:object_r:postfix_var_run_t:s0
Target Objects                /var/spool/postfix/pid/unix.cleanup [ file ]
Source                        cleanup
Source Path                   /usr/libexec/postfix/cleanup
Port                          <Unbekannt>
Host                          (removed)
Source RPM Packages           postfix-2.10.0-1.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-42.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.0-301.fc19.x86_64 #1 SMP Mon
                              Apr 29 13:44:05 UTC 2013 x86_64 x86_64
Alert Count                   345
First Seen                    2013-05-10 04:20:45 CEST
Last Seen                     2013-05-10 10:10:35 CEST
Local ID                      f0c65d85-9c27-47a1-a087-eb47d986e6e3

Raw Audit Messages
type=AVC msg=audit(1368173435.731:13488): avc:  denied  { read write } for  pid=10906 comm="cleanup" name="unix.cleanup" dev="dm-1" ino=403321 scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=system_u:object_r:postfix_var_run_t:s0 tclass=file


type=SYSCALL msg=audit(1368173435.731:13488): arch=x86_64 syscall=open success=no exit=EACCES a0=7f385bf21e80 a1=2 a2=0 a3=0 items=0 ppid=1802 pid=10906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=cleanup exe=/usr/libexec/postfix/cleanup subj=system_u:system_r:postfix_cleanup_t:s0 key=(null)

Hash: cleanup,postfix_cleanup_t,postfix_var_run_t,file,read,write

audit2allow

#============= postfix_cleanup_t ==============
allow postfix_cleanup_t postfix_var_run_t:file { read write };

audit2allow -R
require {
	type postfix_cleanup_t;
	type postfix_var_run_t;
	class file { read write };
}

#============= postfix_cleanup_t ==============
allow postfix_cleanup_t postfix_var_run_t:file { read write };


Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.0-301.fc19.x86_64
type:           libreport

Potential duplicate: bug 960894
Comment 1 Miroslav Grepl 2013-05-10 08:43:51 UTC 

*** This bug has been marked as a duplicate of bug 960894 ***
Note You need to log in before you can comment on or make changes to this bug.