Bug
Resolution: Unresolved
Normal
rhel-10.0.beta
selinux-policy-40.13.7-1.el10
sst_security_selinux
ssg_security
25
QE ack
False
No
Pass
Automated
Unspecified Release Note Type - Unknown
What were you trying to do that didn't work?
Please provide the package NVR for which bug is seen:
postfix-3.8.5-3.el10.x86_64.rpm
postfix-lmdb-3.8.5-3.el10.x86_64.rpm
selinux-policy-40.13.3-2.el10.noarch
How reproducible:
always
Steps to reproduce
- get a RHEL-10 machine
- run the following automated test:
/CoreOS/postfix/Sanity/bodycheck (https://src.fedoraproject.org/tests/postfix/blob/main/f/Sanity/bodycheck)
Expected results
the automated test passes without AVCs
Actual results
the automated test fails with AVCs
----
type=PROCTITLE msg=audit(07/23/2024 03:31:57.002:364) : proctitle=smtpd -n smtp -t inet -u -o stress= -s 2
type=MMAP msg=audit(07/23/2024 03:31:57.002:364) : fd=13 flags=MAP_SHARED
type=SYSCALL msg=audit(07/23/2024 03:31:57.002:364) : arch=x86_64 syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=5882 pid=5993 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=smtpd exe=/usr/libexec/postfix/smtpd subj=system_u:system_r:postfix_smtpd_t:s0 key=(null)
type=AVC msg=audit(07/23/2024 03:31:57.002:364) : avc: denied { map } for pid=5993 comm=smtpd path=/etc/postfix/virtual.lmdb dev="vda2" ino=506517 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(07/23/2024 03:31:57.003:365) : proctitle=smtpd -n smtp -t inet -u -o stress= -s 2
type=MMAP msg=audit(07/23/2024 03:31:57.003:365) : fd=13 flags=MAP_SHARED
type=SYSCALL msg=audit(07/23/2024 03:31:57.003:365) : arch=x86_64 syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=5882 pid=5993 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=smtpd exe=/usr/libexec/postfix/smtpd subj=system_u:system_r:postfix_smtpd_t:s0 key=(null)
type=AVC msg=audit(07/23/2024 03:31:57.003:365) : avc: denied { map } for pid=5993 comm=smtpd path=/etc/postfix/vmailbox.lmdb dev="vda2" ino=506523 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(07/23/2024 03:31:57.008:366) : proctitle=trivial-rewrite -n rewrite -t unix -u
type=MMAP msg=audit(07/23/2024 03:31:57.008:366) : fd=8 flags=MAP_SHARED
type=SYSCALL msg=audit(07/23/2024 03:31:57.008:366) : arch=x86_64 syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=5882 pid=5995 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=trivial-rewrite exe=/usr/libexec/postfix/trivial-rewrite subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(07/23/2024 03:31:57.008:366) : avc: denied { map } for pid=5995 comm=trivial-rewrite path=/etc/postfix/virtual.lmdb dev="vda2" ino=506517 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=0
----
- is cloned by: RHEL-46332 [rhel-9] SELinux prevents Postfix from mapping LMDB databases (Release Pending)
- links to: RHBA-2024:133202 selinux-policy bug fix and enhancement update
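
A triage sketch for the denials listed in this report, added here as an example and not part of the original report or of selinux-policy: it groups AVC records by source type, target type and object class, so repeated events collapse into the distinct accesses a policy maintainer has to judge. The function names are hypothetical, and the rendered allow lines are a review aid, not the fix that was shipped.

```python
import re
from collections import defaultdict

# AVC records copied from the report above; the PROCTITLE/MMAP/SYSCALL
# records of each event are left out. Flattened on purpose, like the page.
SAMPLE = (
    '---- type=AVC msg=audit(07/23/2024 03:31:57.002:364) : avc: denied { map } '
    'for pid=5993 comm=smtpd path=/etc/postfix/virtual.lmdb dev="vda2" ino=506517 '
    'scontext=system_u:system_r:postfix_smtpd_t:s0 '
    'tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=0 '
    '---- type=AVC msg=audit(07/23/2024 03:31:57.003:365) : avc: denied { map } '
    'for pid=5993 comm=smtpd path=/etc/postfix/vmailbox.lmdb dev="vda2" ino=506523 '
    'scontext=system_u:system_r:postfix_smtpd_t:s0 '
    'tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=0 '
    '---- type=AVC msg=audit(07/23/2024 03:31:57.008:366) : avc: denied { map } '
    'for pid=5995 comm=trivial-rewrite path=/etc/postfix/virtual.lmdb dev="vda2" ino=506517 '
    'scontext=system_u:system_r:postfix_master_t:s0 '
    'tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=0 ----'
)

# One match per denial; stops at the first permissive= so flattened input works.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*?permissive=\d)",
    re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value may be quoted

def summarize(text):
    """Group AVC denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(),
                                  "paths": set(), "enforced": False})
    for m in AVC_RE.finditer(text):
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
        # SELinux context is user:role:type:level; the type is field 3.
        key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
        g = groups[key]
        g["perms"].update(m.group("perms").split())
        g["comms"].add(f.get("comm", "?"))
        g["paths"].add(f.get("path", "?"))
        g["enforced"] |= f["permissive"] == "0"  # the access was really blocked
    return dict(groups)

def candidate_rules(groups):
    """Render each group in policy-language form, for human review only."""
    return sorted("allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(g["perms"])))
                  for (s, t, c), g in groups.items())

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, sorted(g["comms"]), sorted(g["paths"]))
    print("\n".join(candidate_rules(summarize(SAMPLE))))
```

On the report's records this yields two distinct accesses, and it makes visible that `trivial-rewrite` was denied while running as `postfix_master_t` rather than in a domain of its own.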