On Saturday, August 06, 2011 10:12:39 PM Sven Vermeulen wrote:
> On Sat, Aug 06, 2011 at 12:50:46PM -0400, Mike Edenfield wrote:
> > I'm trying to chase down an AVC message coming from procmail. I'm having
> > a problem figuring out how to research, troubleshoot, or fix bad FIFO
> > pipe contexts.
> >
> > The AVC I get is:
> >
> > Aug 6 12:15:52 basement kernel: type=1400 audit(1312647352.712:9623):
> > avc: denied { write } for pid=9816 comm="procmail" path="pipe:[4235]"
> > dev=pipefs ino=4235 scontext=system_u:system_r:procmail_t
> > tcontext=system_u:system_r:postfix_master_t tclass=fifo_file
>
> Any idea what procmail is trying to do at this point?
Hm. Not offhand, and for some reason it seems to have stopped trying to do it.
The only connection I have between procmail and postfix is the usual:
main.cf:mailbox_command = /usr/bin/procmail -a "$EXTENSION"
I use procmail mostly for mailing list filtering but that appears to be working
fine without any AVCs, so I'm not sure where these came from. I'll poke around
some more and see if I can figure it out, but at least now I have a better idea
what the policy is supposed to be doing :)
--Mike
