In the latest rhel6 policies amavas_t and clamscan_t have been merged into antivirus_t? Is you selinux-policy up 2 date?
Any reason postfix would be listing the contents of /tmp or /var/tmp?
Did you put some content into these directories that have something to do with mail?
Yes, everything is up-to-date as of the time of report and I have checked again this morning. That system has no unapplied fixes for software provided through the official CentOS-6 repositories. Does this change apply only to 7
or has it been backported? Both amavisd-new and clamav are provided via the epel repository.
That question I need put to the Postfix mailing list. I see nothing in the spec file that bears on the matter and the tarball was pulled from:
selinux-policy-3.7.19-260.el6 is the current policy in development.
Thank you.
I do not know why my build of Postfix is looking in /tmp. According to Wietse Venema the base Postfix tarball does not access /tmp at all. So it must be one of the patches, but I have not yet uncovered which one. In any case, this raises the question: Why would any program not have access to /tmp? Is not that what /tmp is for, a scratchpad for programs?
6 thoughts on - Postfix Avc (SELinux)
Am 04.12.2014 um 18:29 schrieb James B. Byrne:
https://bugzilla.redhat.com/show_bug.cgi?id
Anyone see any problem with generating a custom policy consisting of the following?
grep avc /var/log/audit/audit.log | audit2allow
#============= amavis_t =============allow amavis_t shell_exec_t:file execute;
allow amavis_t sysfs_t:dir search;
#============= clamscan_t =============allow clamscan_t amavis_spool_t:dir read;
#============= logwatch_mail_t =============allow logwatch_mail_t usr_t:lnk_file read;
#============= postfix_master_t =============allow postfix_master_t tmp_t:dir read;
#============= postfix_postdrop_t =============allow postfix_postdrop_t tmp_t:dir read;
#============= postfix_showq_t =============allow postfix_showq_t tmp_t:dir read;
#============= postfix_smtp_t =============allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };
In the latest rhel6 policies amavas_t and clamscan_t have been merged into antivirus_t? Is you selinux-policy up 2 date?
Any reason postfix would be listing the contents of /tmp or /var/tmp?
Did you put some content into these directories that have something to do with mail?
Yes, everything is up-to-date as of the time of report and I have checked again this morning. That system has no unapplied fixes for software provided through the official CentOS-6 repositories. Does this change apply only to 7
or has it been backported? Both amavisd-new and clamav are provided via the epel repository.
That question I need put to the Postfix mailing list. I see nothing in the spec file that bears on the matter and the tarball was pulled from:
ftp://ftp.porcupine.org/mirrors/postfix-release/official/
rpm -q selinux-policy
selinux-policy-3.7.19-260.el6 is the current policy in development.
Thank you.
I do not know why my build of Postfix is looking in /tmp. According to Wietse Venema the base Postfix tarball does not access /tmp at all. So it must be one of the patches, but I have not yet uncovered which one. In any case, this raises the question: Why would any program not have access to /tmp? Is not that what /tmp is for, a scratchpad for programs?