[DSE-Dev] Bug#707293: default (chrooted) configuration of postfix is not supported by selinux policy; won't be
Michael Scherer
misc at zarb.org
Sat Aug 10 19:27:24 UTC 2013
Le jeudi 08 août 2013 à 18:11 +0200, Mika Pflüger a écrit :
> Hi,
>
> as mentioned in the wiki, the debian default configuration of postfix
> (chrooted) is not supported by selinux policy. Please use the script
> postfix-nochroot to unchroot your configuration.
Hi,
Well, besides the patch I sent, the only missing part in selinux policy
is something to fix this :
type=AVC msg=audit(1375791086.840:4461): avc: denied { sys_chroot }
for pid=23706 comm="pickup" capability=18
scontext=system_u:system_r:postfix_pickup_t:s0
tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=capability
So i think integrating my patch would help to work toward a fix. There
is no reason to apply this only on redhat based distribution, so the
patch seems harmless to enable in unstable.
--
Michael Scherer
More information about the SELinux-devel
mailing list