On Fri, December 5, 2014 20:33, Wietse Venema wrote:
> James B. Byrne:
>> >> #============= postfix_showq_t ==============
>> >> allow postfix_showq_t tmp_t:dir read;
>
> THIS is NOT proof that Postfix actually touches /tmp or /var/tmp.
>
> Wietse
True. It is evidence that SELinux believes that a process identified as
postfix is attempting to read from a directory that has tmp_t:dir set in the
current policy. As it happens that is /tmp. It seemed to me a little clearer
to frame the question in this manner than to provide the actual ausearch
output:
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=2784 comm="trivial-rewrite"
exe="/usr/libexec/postfix/trivial-rewrite"
subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1417713298.610:60522): avc: denied { read } for pid=4294
comm="trivial-rewrite" name="tmp" dev=dm-0 ino=393240
scontext=unconfined_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
In any case the issue is with a patch applied to support virtual mailboxes for
courier style maildirs. I have removed it.
Thank you for the help.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
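The audit output in the mail above carries two records for one event (serial 60522): the AVC record says which SELinux domain was denied which permission on which object type, and the SYSCALL record says which binary made the call and how it failed. The following is an added example, not part of the original thread or of Postfix, that parses such records, joins them by serial and produces the summary a reviewer would want when deciding whether a denial is real Postfix behaviour or a side effect of a local patch. The sample input is the two records from the mail rejoined onto single lines as ausearch prints them; the syscall and errno tables are deliberately partial x86_64 lookups that are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input: the two audit records quoted in the mail above,
# each rejoined onto one line the way ausearch prints them.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2 success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2784 comm="trivial-rewrite" exe="/usr/libexec/postfix/trivial-rewrite" subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1417713298.610:60522): avc:  denied  { read } for  pid=4294 comm="trivial-rewrite" name="tmp" dev=dm-0 ino=393240 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
"""

# Partial lookup tables (x86_64 only); an assumption of this example, not
# something the mail provides. Extend them from /usr/include/asm/unistd_64.h
# and errno.h on a real system.
X86_64_SYSCALLS = {0: "read", 1: "write", 2: "open", 257: "openat"}
ERRNO_NAMES = {1: "EPERM", 2: "ENOENT", 13: "EACCES"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')   # key=value tokens
MSG_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')       # timestamp:serial
PERM_RE = re.compile(r'denied\s+\{([^}]*)\}')               # { read write ... }


def parse_record(line):
    """Turn one audit line into a dict of its key=value fields plus _ts/_serial/_perms."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = {"_ts": m.group(1), "_serial": int(m.group(2))}
    for key, val in FIELD_RE.findall(line):
        rec[key] = val.strip('"')
    perms = PERM_RE.search(line)
    if perms:
        rec["_perms"] = perms.group(1).split()
    return rec


def correlate(text):
    """Group records by audit serial so the SYSCALL and AVC lines of one event sit together."""
    events = defaultdict(dict)
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["_serial"]][rec["type"]] = rec
    return dict(events)


def _type_of(context):
    """Third field of user:role:type:level, or None if the context is absent."""
    parts = context.split(":") if context else []
    return parts[2] if len(parts) > 2 else None


def summarize(event):
    """Collapse one correlated event into the facts a reviewer needs."""
    avc = event.get("AVC", {})
    sc = event.get("SYSCALL", {})
    syscall_name = None
    if sc.get("arch") == "c000003e" and "syscall" in sc:   # c000003e is x86_64
        syscall_name = X86_64_SYSCALLS.get(int(sc["syscall"]))
    errno_name = None
    if "exit" in sc and int(sc["exit"]) < 0:
        errno_name = ERRNO_NAMES.get(-int(sc["exit"]))
    return {
        "serial": avc.get("_serial") or sc.get("_serial"),
        "comm": avc.get("comm") or sc.get("comm"),
        "exe": sc.get("exe"),
        "source_type": _type_of(avc.get("scontext")),
        "target_type": _type_of(avc.get("tcontext")),
        "tclass": avc.get("tclass"),
        "perms": avc.get("_perms", []),
        "target_name": avc.get("name"),
        "syscall": syscall_name,
        "errno": errno_name,
    }


def report(text):
    """One human-readable line per denial event."""
    lines = []
    for serial in sorted(correlate(text)):
        s = summarize(correlate(text)[serial])
        lines.append(
            f"{serial}: {s['comm']} ({s['exe']}) in {s['source_type']} denied "
            f"{' '.join(s['perms'])} on {s['tclass']} '{s['target_name']}' "
            f"[{s['target_type']}] via {s['syscall']} -> {s['errno']}"
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_AUDIT):
        print(line)
```

The summary makes the point the mail is making explicit: the denied caller is trivial-rewrite running in postfix_master_t, the denied permission is read on a dir labelled tmp_t, and the open() call failed with EACCES. Whether that read is something stock Postfix does, or comes from a local patch, is a question about the code path, not about the policy, and the parser deliberately stops short of suggesting an allow rule.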