I installed a system from the original FC5 disks and updated to latest versions in yum repos. I changed over to postfix and found that it wasn't working for some reason.. no errors to /var/log/messages or /var/log/secure.. and I completely forgot for a day to look at audit.
When my brain turned back on I found that postfix didn't start because it was trying to use a pam entry that I had put pam_tally.so in. Woops. Fixed that.. but postfix still wouldn't start up. This also showed me that my /etc/services file needed a relabel as I had put in a more verbose one. So I did a complete system relabel in case I missed something else.
Postfix was able to start email but could not do a mailq. Doing a mailq showed me things like:

allow postfix_local_t initrc_var_run_t:file { read write };
allow postfix_showq_t initrc_var_run_t:file { read write };

type=AVC msg=audit(1159574724.622:397): avc: denied { read write } for pid=2621 comm="local" name="unix.local" dev=dm-3 ino=163870 scontext=system_u:system_r:postfix_local_t:s0 tcontext=user_u:object_r:initrc_var_run_t:s0 tclass=file
    Was caused by:
        Missing or disabled TE allow rule.
        Allow rules may exist but be disabled by boolean settings; check boolean settings.
        You can see the necessary allow rules by running audit2allow with this audit message as input.

type=AVC msg=audit(1159574753.636:398): avc: denied { read write } for pid=2625 comm="showq" name="unix.showq" dev=dm-3 ino=163871 scontext=system_u:system_r:postfix_showq_t:s0 tcontext=user_u:object_r:initrc_var_run_t:s0 tclass=file
    Was caused by:
        Missing or disabled TE allow rule.
        Allow rules may exist but be disabled by boolean settings; check boolean settings.
        You can see the necessary allow rules by running audit2allow with this audit message as input.

Not sure what I should do next. Turning off the selinux

selinux-policy-targeted-2.3.7-2.fc5
selinux-policy-2.3.7-2.fc5

On 9/29/06, Stephen John Smoogen smooge@gmail.com wrote:
> I installed a system from the original FC5 disks and updated to latest versions in yum repos. I changed over to postfix and found that it wasn't working for some reason.. no errors to /var/log/messages or /var/log/secure.. and I completely forgot for a day to look at audit.

That has to be the worst subject I could have come up with. Probably not enough sleep.
...
Stephen John Smoogen wrote:
> Not sure what I should do next. Turning off the selinux
>
> selinux-policy-targeted-2.3.7-2.fc5
> selinux-policy-2.3.7-2.fc5

This looks like a labeling problem. Which directory are unix.showq and unix.local in?
Labeled initrc_var_run_t means they were created in an init script and SELinux policy is denying access to these files.
selinux@lists.fedoraproject.org
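
The triage the last reply points toward, as an added example that is not part of the original thread: it parses the two denials quoted above and prints, for each inode, a command that locates the file, shows its current label, and dry-runs the relabel. The function names `avc_summary` and `label_checks` and the mount-point argument are assumptions; the thread does not say where dm-3 is mounted.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials and print label-check commands.
# SAMPLE_AVC holds the two denials quoted in the thread (audit2why text trimmed).
SAMPLE_AVC='type=AVC msg=audit(1159574724.622:397): avc: denied { read write } for pid=2621 comm="local" name="unix.local" dev=dm-3 ino=163870 scontext=system_u:system_r:postfix_local_t:s0 tcontext=user_u:object_r:initrc_var_run_t:s0 tclass=file
type=AVC msg=audit(1159574753.636:398): avc: denied { read write } for pid=2625 comm="showq" name="unix.showq" dev=dm-3 ino=163871 scontext=system_u:system_r:postfix_showq_t:s0 tcontext=user_u:object_r:initrc_var_run_t:s0 tclass=file'

# avc_summary: audit records on stdin ->
#   "comm name inode source_type target_type", one line per denial.
avc_summary() {
    awk '/avc: +denied/ {
        comm = name = ino = src = tgt = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            key = substr($i, 1, n - 1)
            val = substr($i, n + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name") name = val
            else if (key == "ino") ino = val
            # A context is user:role:type:level; the type is the third part.
            else if (key == "scontext") { split(val, c, ":"); src = c[3] }
            else if (key == "tcontext") { split(val, c, ":"); tgt = c[3] }
        }
        print comm, name, ino, src, tgt
    }'
}

# label_checks MOUNTPOINT: print one find command per denied object.
# Inode numbers are only unique per filesystem, so MOUNTPOINT should be
# where the record's dev= device is mounted (assumed; defaults to /).
# ls -Z shows the current label; restorecon -n -v reports what a relabel
# would change without changing anything.
label_checks() {
    mnt=${1:-/}
    avc_summary | while read -r comm name ino src tgt; do
        printf '%s\n' "# $src ($comm) denied on $name, labeled $tgt"
        printf '%s\n' "find $mnt -xdev -inum $ino -exec ls -Z {} \\; -exec restorecon -n -v {} \\;"
    done
}

printf '%s\n' "$SAMPLE_AVC" | label_checks /
```

If `restorecon -n -v` reports a different expected type, the files carry a stale label; if it reports nothing, policy has no file context for that path.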