Bug#599053: marked as done (selinux rules missing for postfix)

Debian Bug Tracking System Thu, 05 Jan 2012 07:39:30 -0800

Your message dated Thu, 05 Jan 2012 16:32:55 +0100
with message-id <[email protected]>
and subject line Re: Bug#599053: selinux rules missing for postfix
has caused the Debian Bug report #599053,
regarding selinux rules missing for postfix
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
599053: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599053
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: selinux-policy-default
Version: 2:0.0.20080702-6
Severity: important

Postfix doesn't work with SELinux in Enforce mode. It's impossible to send
an email or check mailq :

For mail command :

srv2-reverse-pxy-c59p:~# echo "test" | mail -s "test" [email protected]
send-mail: fatal: execvp /usr/sbin/postdrop: Permission denied
send-mail: warning: command "/usr/sbin/postdrop -r" exited with status 1
send-mail: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Success
Can't send mail: sendmail process failed with error code 75
srv2-reverse-pxy-c59p:~#

syslog :

Oct  4 07:59:30 srv2-reverse-pxy-c59p send-mail[7745]: fatal: execvp
/usr/sbin/postdrop: Permission denied
Oct  4 07:59:30 srv2-reverse-pxy-c59p kernel: [518194.655281] type=1401
audit(1286171970.993:46): security_compute_sid:  invalid context
unconfined_u:unconfined_r:postfix_postdrop_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postdrop_exec_t:s0 tclass=process
Oct  4 07:59:31 srv2-reverse-pxy-c59p postfix/sendmail[7744]: warning:
command "/usr/sbin/postdrop -r" exited with status 1
Oct  4 07:59:31 srv2-reverse-pxy-c59p postfix/sendmail[7744]: fatal:
root(0): unable to execute /usr/sbin/postdrop -r: Success


dmesg :

[518194.655281] type=1401 audit(1286171970.993:46): security_compute_sid: 
invalid context unconfined_u:unconfined_r:postfix_postdrop_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postdrop_exec_t:s0 tclass=process



For mailq command :

srv2-reverse-pxy-c59p:~# mailq
mailq: fatal: execv /usr/sbin/postqueue: Permission denied
srv2-reverse-pxy-c59p:~#

syslog :

Oct  4 08:11:26 srv2-reverse-pxy-c59p postfix/sendmail[7759]: fatal: execv
/usr/sbin/postqueue: Permission denied
Oct  4 08:11:26 srv2-reverse-pxy-c59p kernel: [518913.529188] type=1401
audit(1286172686.605:47): security_compute_sid:  invalid context
unconfined_u:unconfined_r:postfix_postqueue_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postqueue_exec_t:s0 tclass=process

dmesg :

[518913.529188] type=1401 audit(1286172686.605:47): security_compute_sid: 
invalid context unconfined_u:unconfined_r:postfix_postqueue_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postqueue_exec_t:s0 tclass=process



Others informations :

srv2-reverse-pxy-c59p:~# getenforce
Enforcing
srv2-reverse-pxy-c59p:~# id
uid=0(root) gid=0(root)
groupes=0(root),1(daemon),2(bin),3(sys),4(adm),6(disk)
context=unconfined_u:unconfined_r:unconfined_t:s0
srv2-reverse-pxy-c59p:~# ls -Z /usr/sbin/postdrop
system_u:object_r:postfix_postdrop_exec_t:s0 /usr/sbin/postdrop
srv2-reverse-pxy-c59p:~# ls -Z /usr/sbin/sendmail
system_u:object_r:sendmail_exec_t:s0 /usr/sbin/sendmail
srv2-reverse-pxy-c59p:~# ls -Z /usr/bin/mail
system_u:object_r:bin_t:s0 /usr/bin/mail
srv2-reverse-pxy-c59p:~# ls -Z /usr/sbin/postqueue
system_u:object_r:postfix_postqueue_exec_t:s0 /usr/sbin/postqueue
srv2-reverse-pxy-c59p:~#



srv2-reverse-pxy-c59p:~# dpkg -l | grep selinux
ii  libselinux1                         2.0.65-5                 SELinux
shared libraries
ii  python-selinux                      2.0.65-5                 Python
bindings to SELinux shared libraries
ii  selinux-basics                      0.3.5                    SELinux
basic support
ii  selinux-policy-default              2:0.0.20080702-6         Strict
and Targeted variants of the SELinux
ii  selinux-utils                       2.0.65-5                 SELinux
utility programs

Thanks,

AUrelien PROVIN

--- End Message ---

--- Begin Message ---

Aurélien PROVIN <[email protected]> writes:

> I by-passed these bugs by installing exim. Today, I can't reproduce them
> so you can close it.

Done...

-- 
Robert Bihlmeyer    ASSIST    Arrow ECS Internet Security AG
<[email protected]>   A-1100 Wien, Wienerbergstraße 11
Tel: +43 1 370 94 40                Fax: +43 1 370 94 40-333

--- End Message ---

Bug#599053: marked as done (selinux rules missing for postfix)

Reply via email to