- type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
- type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
- Was caused by:
- Missing type enforcement (TE) allow rule.
- You can use audit2allow to generate a loadable module to allow this access.
- #============= postfix_postdrop_t ==============
- #!!!! The file '/var/spool/postfix/public/pickup' is mislabeled on your system.
- #!!!! Fix with $ restorecon -R -v /var/spool/postfix/public/pickup
- allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
- # restorecon -R -v /var/spool/postfix/public/pickup
- # ls -lZ /var/spool/postfix/public/pickup
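- srw-rw-rw-. postfix postfix unconfined_u:object_r:postfix_public_t:s0 /var/spool/postfix/public/pickup
- Note: the socket file's type is already postfix_public_t, so restorecon has nothing to correct here. For a unix_stream_socket connectto check, the tcontext is the label of the process listening on the socket, not of the file. unconfined_t in the denial therefore suggests the Postfix daemons were started from an unconfined shell rather than by the init system. Confirm with `ps -eZ | grep postfix` and restart the service through the init system (for example `systemctl restart postfix`) before loading a local module. The allow rule below permits postfix_postdrop_t to connect to any unconfined_t stream socket, which is broader than this one pickup socket.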
- allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
- # echo 'type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket'
- | audit2allow -M local_postfix_pickup
- # semodule -i local_postfix_pickup.pp
- #============= postfix_postdrop_t ==============
- #!!!! This avc is allowed in the current policy
- allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
- # echo 'type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket'
- | audit2allow -M local_postfix_pickup
- # semodule -i local_postfix_pickup.pp