daily pastebin goal
80%
SHARE
TWEET

Untitled

a guest Aug 10th, 2018 49 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. type=AVC msg=audit(1533595368.668:140747): avc:  denied  { connectto } for  pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
  2.    
  3. type=AVC msg=audit(1533595368.668:140747): avc:  denied  { connectto } for  pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
  4.  
  5.         Was caused by:
  6.                 Missing type enforcement (TE) allow rule.
  7.  
  8.                 You can use audit2allow to generate a loadable module to allow this access.
  9.    
  10. #============= postfix_postdrop_t ==============
  11.  
  12. #!!!! The file '/var/spool/postfix/public/pickup' is mislabeled on your system.
  13. #!!!! Fix with $ restorecon -R -v /var/spool/postfix/public/pickup
  14. allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
  15.    
  16. # restorecon -R -v /var/spool/postfix/public/pickup
  17. # ls -lZ /var/spool/postfix/public/pickup
  18. srw-rw-rw-. postfix postfix unconfined_u:object_r:postfix_public_t:s0 /var/spool/postfix/public/pickup
  19.    
  20. allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
  21.    
  22. # echo 'type=AVC msg=audit(1533595368.668:140747): avc:  denied  { connectto } for  pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket'
  23.   | audit2allow -M local_postfix_pickup
  24. # semodule -i local_postfix_pickup.pp
  25.    
  26. #============= postfix_postdrop_t ==============
  27.  
  28. #!!!! This avc is allowed in the current policy
  29. allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
  30.    
  31. # echo 'type=AVC msg=audit(1533595368.668:140747): avc:  denied  { connectto } for  pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket'
  32.   | audit2allow -M local_postfix_pickup
  33. # semodule -i local_postfix_pickup.pp
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top