Your message dated Mon, 22 Jun 2009 23:52:26 -0500
with message-id <[email protected]>
and subject line The upload of refpolicy today should include these fixes
has caused the Debian Bug report #519089,
regarding selinux-policy-default: Postfix policy problems following etch->lenny upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
519089: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519089
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: selinux-policy-default
Version: 2:0.0.20080702-6
Severity: important


Hi,

I upgraded from etch to lenny a couple of weeks ago and haven't been able to
find a way around this.  When I google it appears the problem is an old one
(#473043).  It may be that it works on a clean install but not on my
upgraded system.

In short, with a fairly straightforward system, various postfix functions
fail:

postqueue:

  Mar 10 10:49:48 mgmt kernel: [1384219.270870] type=1401
                  audit(1236682188.741:4331152): security_compute_sid:  invalid context
                  unconfined_u:unconfined_r:postfix_postqueue_t:s0 for
                  scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
                  tcontext=system_u:object_r:postfix_postqueue_exec_t:s0 tclass=process

  Mar 10 10:49:48 mgmt postfix/sendmail[18538]: fatal: execv /usr/sbin/postqueue: Permission denied

postdrop:

  Mar 10 11:14:58 mgmt kernel: [1385728.907215] type=1401
                       audit(1236683698.380:4331196): security_compute_sid:  invalid context
                       unconfined_u:unconfined_r:postfix_postdrop_t:s0 for
                       scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
                       tcontext=system_u:object_r:postfix_postdrop_exec_t:s0 tclass=process

  Mar 10 11:14:58 mgmt sendmail[18952]: fatal: execvp /usr/sbin/postdrop: Permission denied

newaliases:

 Mar 10 11:11:40 mgmt kernel: [1385531.312381] type=1400
                 audit(1236683500.785:4331190): avc:  denied  { execute } for  pid=18945
                 comm="newaliases" name="postalias" dev=sda3 ino=632386
                 scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
                 tcontext=system_u:object_r:postfix_master_exec_t:s0 tclass=file

 Mar 10 11:11:40 mgmt postfix/sendmail[18945]: fatal: execv /usr/sbin/postalias: Permission denied

(although postalias /etc/aliases works fine, so there's a simple workaround).

Postfix processes are running as:

  unconfined_u:system_r:postfix_master_t:s0 18254 ? Ss   0:00 /usr/lib/postfix/master
  unconfined_u:system_r:postfix_pickup_t:s0 18260 ? S   0:00 pickup -l -t fifo -u
  unconfined_u:system_r:postfix_qmgr_t:s0 18261 ? S     0:00 qmgr -l -t fifo -u

I've removed and re-installed the default policy package as well as postfix
but without any success.

I suspect the error is on my part (unconfined_u looks bogus to me) due to
something I've done pre or during the upgrade, but I can't for the life of
me see what.


-Ronan

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules                1.0.1-5    Pluggable Authentication Modules f
ii  libselinux1                   2.0.65-5   SELinux shared libraries
ii  libsepol1                     2.0.30-2   Security Enhanced Linux policy lib
ii  policycoreutils               2.0.49-8   SELinux core policy utilities
ii  python                        2.5.2-3    An interactive high-level object-o

Versions of packages selinux-policy-default recommends:
ii  checkpolicy                   2.0.16-1   SELinux policy compiler
pn  setools                       <none>     (no description available)

Versions of packages selinux-policy-default suggests:
pn  logcheck                      <none>     (no description available)
pn  syslog-summary                <none>     (no description available)

-- no debconf information



--- End Message ---
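
An added example, not part of the original report or of the Debian policy packages: a small Python parser for the kernel audit records quoted in the report above. It separates the `type=1401` invalid-context records from the `type=1400` AVC denial and reports which components of the rejected context differ from `scontext`. The function names and the `SAMPLE` list are constructed here; the two records are the report's own, re-joined onto single lines.

```python
import re

# Constructed input: two of the report's audit records, one line each.
SAMPLE = [
    'Mar 10 10:49:48 mgmt kernel: [1384219.270870] type=1401 '
    'audit(1236682188.741:4331152): security_compute_sid:  invalid context '
    'unconfined_u:unconfined_r:postfix_postqueue_t:s0 for '
    'scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0 '
    'tcontext=system_u:object_r:postfix_postqueue_exec_t:s0 tclass=process',
    'Mar 10 11:11:40 mgmt kernel: [1385531.312381] type=1400 '
    'audit(1236683500.785:4331190): avc:  denied  { execute } for  pid=18945 '
    'comm="newaliases" name="postalias" dev=sda3 ino=632386 '
    'scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0 '
    'tcontext=system_u:object_r:postfix_master_exec_t:s0 tclass=file',
]

HEAD = re.compile(r'type=(\d+) audit\(([\d.]+):(\d+)\):')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
INVALID = re.compile(r'security_compute_sid:\s+invalid context (\S+) for')
DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
PARTS = ("user", "role", "type", "level")

def split_context(ctx):
    # user:role:type[:level]; the level may itself contain ':' characters.
    return dict(zip(PARTS, ctx.split(":", 3)))

def parse_record(line):
    head = HEAD.search(line)
    if head is None:
        return None                      # not a kernel audit record
    body = line[head.end():]
    rec = {k: v.strip('"') for k, v in KV.findall(body)}
    rec["audit_type"], rec["serial"] = int(head.group(1)), int(head.group(3))
    src = split_context(rec.get("scontext", ""))
    bad, denied = INVALID.search(body), DENIED.search(body)
    if bad:
        new = split_context(bad.group(1))
        rec["kind"] = "invalid_context"
        # Components of the rejected context that differ from the caller's.
        rec["changed"] = [p for p in PARTS if new.get(p) != src.get(p)]
        rec["role_type"] = (new.get("role"), new.get("type"))
    elif denied:
        rec["kind"] = "avc_denied"
        rec["perms"] = denied.group(1).split()
    return rec

def summarize(lines):
    return [r for r in map(parse_record, lines) if r]
```

On the postqueue record `changed` is `['type']`: the rejected context keeps the caller's user, role and level and differs only in the type, so `role_type` is the pair to look up in the loaded policy.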
--- Begin Message ---
Hi,

        The changes have been rolled into the selinux-policy-default
 package, which was then updated to the latest VCS version of
 refpolicy. I _think_ I did nothing to affect the postfix package, but I
 don't use it, and so can't easily tell.

        Please feel free to file a bug if the problem persists.

        manoj
-- 
The first 90% of a project takes 90% of the time, the last 10% takes the
other 90% of the time.
Manoj Srivastava <[email protected]> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


--- End Message ---
