RHEL-46332

[rhel-9] SELinux prevents Postfix from mapping LMDB databases

    • selinux-policy-38.1.43-1.el9
    • sst_security_selinux
    • ssg_security

      Cloned; the issue is also present on rhel9

       

      What were you trying to do that didn't work?

      Please provide the package NVR for which bug is seen:

      postfix-3.8.5-3.el10.x86_64.rpm

      postfix-lmdb-3.8.5-3.el10.x86_64.rpm

      selinux-policy-40.13.3-2.el10.noarch

       

      How reproducible:

      always

      Steps to reproduce

      1. Run /CoreOS/postfix/Sanity/bodycheck (https://src.fedoraproject.org/tests/postfix/blob/main/f/Sanity/bodycheck)

      Expected results

      PASSED without AVC logs

      Actual results

      The test fails with AVC logs

      AVC log:

      type=PROCTITLE msg=audit(07/04/2024 11:31:46.775:698) : proctitle=smtpd -n smtp -t inet -u -o stress= -s 2 
      type=SYSCALL msg=audit(07/04/2024 11:31:46.775:698) : arch=x86_64 syscall=mmap success=yes exit=139965048553472 a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=9793 pid=9903 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=smtpd exe=/usr/libexec/postfix/smtpd subj=system_u:system_r:postfix_smtpd_t:s0 key=(null) 
      type=AVC msg=audit(07/04/2024 11:31:46.775:698) : avc:  denied  { map } for  pid=9903 comm=smtpd path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1 


      type=PROCTITLE msg=audit(07/04/2024 11:31:46.782:699) : proctitle=trivial-rewrite -n rewrite -t unix -u 
      type=SYSCALL msg=audit(07/04/2024 11:31:46.782:699) : arch=x86_64 syscall=mmap success=yes exit=140692466696192 a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=9793 pid=9905 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=trivial-rewrite exe=/usr/libexec/postfix/trivial-rewrite subj=system_u:system_r:postfix_master_t:s0 key=(null) 
      type=AVC msg=audit(07/04/2024 11:31:46.782:699) : avc:  denied  { map } for  pid=9905 comm=trivial-rewrite path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1 


      type=PROCTITLE msg=audit(07/04/2024 11:31:46.789:700) : proctitle=cleanup -z -t unix -u 
      type=SYSCALL msg=audit(07/04/2024 11:31:46.789:700) : arch=x86_64 syscall=mmap success=yes exit=140271979331584 a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=9793 pid=9906 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=cleanup exe=/usr/libexec/postfix/cleanup subj=system_u:system_r:postfix_cleanup_t:s0 key=(null) 
      type=AVC msg=audit(07/04/2024 11:31:46.789:700) : avc:  denied  { map } for  pid=9906 comm=cleanup path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1 
       

            rhn-support-zpytela Zdenek Pytela
            rhn-support-fhrdina Frantisek Hrdina
            Zdenek Pytela Zdenek Pytela
            Milos Malik Milos Malik
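
The following is an added example, not part of the original report or of selinux-policy: it parses the three AVC records quoted above and groups them by source domain, target type and object class, which shows that the single `map` denial on `postfix_etc_t` affects three separate Postfix domains. The function names are hypothetical, and the printed rules are candidates for policy review (comparable in intent to `audit2allow` output), not the fix shipped in the package.

```python
import re
from collections import defaultdict

# The three AVC records from the report above (ausearch -i interpreted format).
SAMPLE = """\
type=AVC msg=audit(07/04/2024 11:31:46.775:698) : avc:  denied  { map } for  pid=9903 comm=smtpd path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(07/04/2024 11:31:46.782:699) : avc:  denied  { map } for  pid=9905 comm=trivial-rewrite path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(07/04/2024 11:31:46.789:700) : avc:  denied  { map } for  pid=9906 comm=cleanup path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC denial line into a dict; return None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in rec or "tcontext" not in rec or "tclass" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is always the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set(), "enforced": False})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["paths"].add(rec.get("path", "?"))
        # permissive=1 means the access was logged but allowed (success=yes).
        g["enforced"] |= rec.get("permissive") == "0"
    return dict(groups)


def candidate_rules(text):
    """Render each group as a type-enforcement rule for policy review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(summarize(text).items())]


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE):
        print(rule)
```

Note that `trivial-rewrite` shows up under `postfix_master_t`, so a rule covering only the `smtpd` and `cleanup` domains would leave the second denial in place.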