I have installed a new Centos 5.2 server, with Centos's Postfix as a default MTA;
I then built and installed a Postfix rpm using Simon Mudd's srpm as: postfix-2.5.2-1.pcre.mysql.sasl2.rhel5.i386.rpm but I get these SELinux issues as per log entries below: what's the best way of setting this up?

# service postfix start
Starting postfix: [ OK ]
# service postfix status
master is stopped

# egrep '(warning|error|fatal|panic):' /var/log/maillog
Aug 14 10:07:36 centos postfix/master[1108]: fatal: open lock file /var/lib/postfix/master.lock: cannot create file exclusively: Permission denied

tail /var/log/messages
Aug 14 10:07:39 centos setroubleshoot: SELinux is preventing find (postfix_master_t) "getattr" to /etc/postfix/examples (postfix_etc_t). For complete SELinux messages. run sealert -l 42823333-656b-4947-94a8-6359add5545a
Aug 14 10:07:39 centos setroubleshoot: SELinux is preventing find (postfix_master_t) "getattr" to /etc/postfix/html (postfix_etc_t). For complete SELinux messages. run sealert -l 546e2c29-d462-4cba-b7d5-533a2793227d
Aug 14 10:07:39 centos setroubleshoot: SELinux is preventing find (postfix_master_t) "getattr" to /etc/postfix/readme (postfix_etc_t). For complete SELinux messages. run sealert -l 131f678a-897d-410b-a008-83ce2eb5e454
....followed by more of similar ...

# sealert -l 42823333-656b-4947-94a8-6359add5545a

Summary:

SELinux is preventing find (postfix_master_t) "getattr" to /etc/postfix/examples (postfix_etc_t).

Detailed Description:

SELinux denied access requested by find. It is not expected that this access is required by find and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /etc/postfix/examples,

restorecon -v '/etc/postfix/examples'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                root:system_r:postfix_master_t
Target Context                system_u:object_r:postfix_etc_t
Target Objects                /etc/postfix/examples [ lnk_file ]
Source                        find
Source Path                   /usr/bin/find
Port                          <Unknown>
Host                          centos.sbt.net.au
Source RPM Packages           findutils-4.2.27-4.1
Target RPM Packages           postfix-2.5.2-1.pcre.mysql.sasl2.rhel5
Policy RPM                    selinux-policy-2.4.6-137.1.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     centos.sbt.net.au
Platform                      Linux centos.sbt.net.au 2.6.18-92.el5 #1 SMP Tue Jun 10 18:49:47 EDT 2008 i686 i686
Alert Count                   9
First Seen                    Wed Aug 13 00:07:23 2008
Last Seen                     Thu Aug 14 10:07:36 2008
Local ID                      42823333-656b-4947-94a8-6359add5545a
Line Numbers

Raw Audit Messages

host=centos.sbt.net.au type=AVC msg=audit(1218672456.745:45945): avc: denied { getattr } for pid=1092 comm="find" path="/etc/postfix/examples" dev=dm-0 ino=36700221 scontext=root:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=lnk_file

host=centos.sbt.net.au type=SYSCALL msg=audit(1218672456.745:45945): arch=40000003 syscall=196 success=no exit=-13 a0=8f29467 a1=bfbdb218 a2=6e0ff4 a3=bfbdb218 items=0 ppid=1081 pid=1092 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=8141 comm="find" exe="/usr/bin/find" subj=root:system_r:postfix_master_t:s0 key=(null)

# postconf -m
btree
cidr
environ
hash
ldap
mysql
nis
pcre
proxy
regexp
static
unix

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.5.2-documentation/html
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.2-documentation/readme
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

-- 
Voytek
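
The raw AVC record in the sealert output above carries everything needed to triage the denial: the permission, the source and target types, and the object class. As an added example (not part of the original post), the Python below groups such records so the repeated alerts collapse into one entry and prints the allow rule a local policy module would have to contain; the second AVC record is constructed for the example, and the function names are chosen here.

```python
import re

# First AVC record is copied from the post (host= prefix dropped); the second is
# constructed for this example; the SYSCALL record is trimmed from the post.
SAMPLE = '''\
type=AVC msg=audit(1218672456.745:45945): avc: denied { getattr } for pid=1092 comm="find" path="/etc/postfix/examples" dev=dm-0 ino=36700221 scontext=root:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=lnk_file
type=AVC msg=audit(1218672456.746:45946): avc: denied { getattr } for pid=1092 comm="find" path="/etc/postfix/html" dev=dm-0 ino=36700222 scontext=root:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1218672456.745:45945): arch=40000003 syscall=196 success=no exit=-13
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def sel_type(context):
    # An SELinux context is user:role:type[:level]; policy rules use the type.
    return context.split(':')[2]

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'path': fields.get('path'),
        'source': sel_type(fields['scontext']),
        'target': sel_type(fields['tcontext']),
        'tclass': fields['tclass'],
    }

def summarize(text):
    """Group denials by (source type, target type, class, permission)."""
    groups = {}
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec['perms']:
            key = (rec['source'], rec['target'], rec['tclass'], perm)
            groups.setdefault(key, []).append(rec['path'])
    return groups

def as_rule(key):
    # Policy allow-rule syntax, printed for review before anything is loaded.
    source, target, tclass, perm = key
    return f"allow {source} {target}:{tclass} {perm};"

if __name__ == "__main__":
    for key, paths in summarize(SAMPLE).items():
        print(as_rule(key), "#", len(paths), "denials:", ", ".join(paths))
```
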