- Bug
- Resolution: Unresolved
- Normal
- rhel-9.5
- selinux-policy-38.1.43-1.el9
- sst_security_selinux
- ssg_security
Cloned; the issue is also present on RHEL 9.
What were you trying to do that didn't work?
Please provide the package NVR for which bug is seen:
postfix-3.8.5-3.el10.x86_64.rpm
postfix-lmdb-3.8.5-3.el10.x86_64.rpm
selinux-policy-40.13.3-2.el10.noarch
How reproducible:
always
Steps to reproduce
- Run /CoreOS/postfix/Sanity/bodycheck (https://src.fedoraproject.org/tests/postfix/blob/main/f/Sanity/bodycheck)
Expected results
PASSED without AVC logs
Actual results
The test fails with AVC logs
AVC log:
type=PROCTITLE msg=audit(07/04/2024 11:31:46.775:698) : proctitle=smtpd -n smtp -t inet -u -o stress= -s 2
type=SYSCALL msg=audit(07/04/2024 11:31:46.775:698) : arch=x86_64 syscall=mmap success=yes exit=139965048553472 a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=9793 pid=9903 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=smtpd exe=/usr/libexec/postfix/smtpd subj=system_u:system_r:postfix_smtpd_t:s0 key=(null)
type=AVC msg=audit(07/04/2024 11:31:46.775:698) : avc: denied { map } for pid=9903 comm=smtpd path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
type=PROCTITLE msg=audit(07/04/2024 11:31:46.782:699) : proctitle=trivial-rewrite -n rewrite -t unix -u
type=SYSCALL msg=audit(07/04/2024 11:31:46.782:699) : arch=x86_64 syscall=mmap success=yes exit=140692466696192 a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=9793 pid=9905 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=trivial-rewrite exe=/usr/libexec/postfix/trivial-rewrite subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(07/04/2024 11:31:46.782:699) : avc: denied { map } for pid=9905 comm=trivial-rewrite path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
type=PROCTITLE msg=audit(07/04/2024 11:31:46.789:700) : proctitle=cleanup -z -t unix -u
type=SYSCALL msg=audit(07/04/2024 11:31:46.789:700) : arch=x86_64 syscall=mmap success=yes exit=140271979331584 a0=0x0 a1=0x1000000 a2=PROT_READ a3=MAP_SHARED items=0 ppid=9793 pid=9906 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=cleanup exe=/usr/libexec/postfix/cleanup subj=system_u:system_r:postfix_cleanup_t:s0 key=(null)
type=AVC msg=audit(07/04/2024 11:31:46.789:700) : avc: denied { map } for pid=9906 comm=cleanup path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
- clones: RHEL-46327 [rhel-10] SELinux prevents Postfix from mapping LMDB databases - Release Pending
- links to: RHBA-2024:130707 selinux-policy bug fix and enhancement update
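A small triage script for the denials in the AVC log above, added here as an example and not part of the original report or of selinux-policy: it groups the AVC records by source type, target type and class, and renders each group as an audit2allow-style candidate rule for review. The function names are hypothetical, and the rules it prints are what the log implies, not the change that shipped in the policy update.

```python
import re
from collections import defaultdict

# The three AVC records from the report above (PROCTITLE/SYSCALL lines left out).
AUDIT_LOG = """\
type=AVC msg=audit(07/04/2024 11:31:46.775:698) : avc: denied { map } for pid=9903 comm=smtpd path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(07/04/2024 11:31:46.782:699) : avc: denied { map } for pid=9905 comm=trivial-rewrite path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(07/04/2024 11:31:46.789:700) : avc: denied { map } for pid=9906 comm=cleanup path=/etc/postfix/virtual.lmdb dev="vda2" ino=31457426 scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:object_r:postfix_etc_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)
FIELD_RE = re.compile(r'\b(comm|path)="?([^"\s]+)"?')


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize(log):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comm": set(), "path": set(), "blocked": False})
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        entry = groups[key]
        entry["perms"].update(m["perms"].split())
        for name, value in FIELD_RE.findall(line):
            entry[name].add(value)
        # permissive=1: the access was logged but allowed; permissive=0: it was blocked.
        entry["blocked"] |= m["permissive"] == "0"
    return dict(groups)


def candidate_rules(log):
    """Render each group as an audit2allow-style rule for policy review."""
    rules = []
    for (src, tgt, tclass), entry in summarize(log).items():
        perms = sorted(entry["perms"])
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return sorted(rules)


if __name__ == "__main__":
    for rule in candidate_rules(AUDIT_LOG):
        print(rule)
```

All three groups come out with `blocked` false because the records carry `permissive=1`, so the test host logged the `map` accesses without denying them; on an enforcing system the same accesses would fail.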