Re: [CentOS] Broken Selinux Postfix Policy?

2015-04-26 Thread Alexander Dalloz

On 26.04.2015 at 06:22, E.B. wrote:

> Trying to restart postfix installed from yum. Restart fails, I get:
>
> type=AVC msg=audit(1430429813.721:12167): avc:  denied  { unlink } for
> pid=31624 comm=master name=defer dev=dm-0 ino=981632
> scontext=system_u:system_r:postfix_master_t:s0
> tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file
>
> I guess it needs to remove the /var/spool/postfix/defer socket file.
>
> audit2allow says this will fix it:
>
> allow postfix_master_t postfix_spool_maildrop_t:sock_file unlink;
>
> But how do I add this permission to the existing Postfix Selinux policy???
> Why was it missing???


Multiple question marks are not necessary.

You did not tell us which precise CentOS release you are running and
which version of Postfix.


On my CentOS 6.6 the defer socket has a different SELinux type than yours:

# ls -alZ /var/spool/postfix/private/defer
srw-rw-rw-. postfix postfix system_u:object_r:postfix_private_t:s0 /var/spool/postfix/private/defer



> By the way, I also had AVCs when I tried to add another instance of
> Postfix smtpd on local port 20025. Very frustrating there is no docs
> how to add a rule for this common change. I don't know if I did the
> right thing:
>
> semanage port -a -t smtp_port_t -p tcp 20025
>
> Is this the right way? Why isn't this documented somewhere?


That's well documented.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Managing_Confined_Services/#chap-Managing_Confined_Services-Postfix

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
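
Added example, not part of the thread: a small Python triage of the AVC record quoted above against the `ls -alZ` line from the CentOS 6.6 reference host, showing whether the denial looks like a label mismatch before any `allow` rule is considered. It assumes the denied object `name=defer` is the path `/var/spool/postfix/private/defer` named in the follow-up; the function names are hypothetical.

```python
import re

# AVC record and reference `ls -alZ` line, both copied from the thread above.
AVC = ("type=AVC msg=audit(1430429813.721:12167): avc:  denied  { unlink } for "
       "pid=31624 comm=master name=defer dev=dm-0 ino=981632 "
       "scontext=system_u:system_r:postfix_master_t:s0 "
       "tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file")
REFERENCE_LS = ("srw-rw-rw-. postfix postfix system_u:object_r:postfix_private_t:s0 "
                "/var/spool/postfix/private/defer")


def parse_avc(record):
    """Split one AVC denial into its permissions and key=value fields."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", record)
    if not m:
        raise ValueError("not an AVC denial record")
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)))
    fields = {k: v.strip('"') for k, v in fields.items()}
    fields["perms"] = m.group(1).split()
    return fields


def context_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def allow_rule(avc):
    """Build the rule in the form audit2allow printed in the thread."""
    perms = avc["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (context_type(avc["scontext"]),
                                   context_type(avc["tcontext"]),
                                   avc["tclass"], perm_str)


def triage(avc, reference_ls):
    """Compare the denied object's type with the label on a reference host."""
    ref_context, ref_path = reference_ls.split()[-2:]
    got, want = context_type(avc["tcontext"]), context_type(ref_context)
    if got != want:
        return "label-mismatch: %s is %s here, %s on reference" % (ref_path, got, want)
    return "labels-agree: candidate rule " + allow_rule(avc)


if __name__ == "__main__":
    record = parse_avc(AVC)
    print(allow_rule(record))
    print(triage(record, REFERENCE_LS))
```

A `label-mismatch` result points at the file's label rather than a missing rule; `restorecon -v` on the path resets it to the policy default.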


Re: [CentOS] Broken Selinux Postfix Policy?

2015-04-25 Thread E.B.
> I guess it needs to remove the /var/spool/postfix/defer socket file.

Sorry, that's: /var/spool/postfix/private/defer



[CentOS] Broken Selinux Postfix Policy?

2015-04-25 Thread E.B.
Trying to restart postfix installed from yum. Restart fails, I get:

type=AVC msg=audit(1430429813.721:12167): avc:  denied  { unlink } for
pid=31624 comm=master name=defer dev=dm-0 ino=981632
scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file

I guess it needs to remove the /var/spool/postfix/defer socket file.

audit2allow says this will fix it:

allow postfix_master_t postfix_spool_maildrop_t:sock_file unlink;

But how do I add this permission to the existing Postfix Selinux policy???
Why was it missing???

By the way, I also had AVCs when I tried to add another instance of
Postfix smtpd on local port 20025. Very frustrating there is no docs
how to add a rule for this common change. I don't know if I did the
right thing:

semanage port -a -t smtp_port_t -p tcp 20025

Is this the right way? Why isn't this documented somewhere?
