Hello, I would like to ask about the following, encountered during SELinux testing:

* currently running 3.5.8 self-compiled (no vendor packaging), CentOS 8 (SELinux disabled)
* target platform CentOS 8 (same configuration but SELinux enabled)

With smtp_tls_connection_reuse = yes, all works ok on the current platform. The same configuration on the target platform fails to set up a TLS connection to a peer via tlsproxy (it's ok directly via smtp when reuse = no). Unfortunately, there are no messages indicating any SELinux or other denials at all, so I have no clue what to pursue next on the SELinux side, but setting SELinux to permissive mode definitely makes the difference.

When comparing outputs for both cases (tlsproxy with the -v switch), all is the same up to the "setting up TLS connection to" stage, where in case:

SELinux disabled: transaction finishes ok

SELinux enabled: transaction fails with:

    tlsproxy[23256]: warning: tlsp_get_fd_event: receive remote SMTP peer file descriptor: Success
    tlsproxy[23256]: TLS handshake failed for service=smtp peer=[10.25.41.35]:25
    tlsproxy[23256]: connection closed fd 128
    tlsproxy[23256]: DISCONNECT [10.25.41.35]:25

The "warning" message is not logged in the case of SELinux disabled -- might it be that the application logic takes a different path as a side effect of something that is affected by the SELinux state?

It's not crucial; as a single-purpose server, it's gonna get an exception, but I am just curious what the culprit is here -- perhaps anyone with an understanding of what the warning message may indicate could shed some light on this.

Many thanks,
Tomas
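The trailing "Success" in that warning is strerror(0): the receive call itself did not fail, yet no descriptor came back. The following added example (not Postfix code, and not from the poster) shows SCM_RIGHTS descriptor passing over a UNIX-domain socketpair and how a receiver can report the no-descriptor case with a real errno instead of leaving it at 0, so the log line is diagnostic rather than misleading; the socketpair, the pipe used as the passed descriptor and the choice of EPROTO are constructed for the demo.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Control buffer for exactly one descriptor; the union keeps it aligned. */
union fdbuf { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; };
/* Send one descriptor over a UNIX-domain socket alongside a 1-byte payload. */
static int send_fd(int sock, int fd)
{
    char byte = 0;
    struct iovec iov = { &byte, 1 };
    union fdbuf u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Receive one descriptor; success with no SCM_RIGHTS payload becomes EPROTO, not errno 0. */
static int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { &byte, 1 };
    union fdbuf u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) < 0) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c == NULL || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) {
        errno = EPROTO; return -1;
    }
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Pass a pipe's write end through a socketpair and prove the copy works, then
 * send a bare byte and check that recv_fd() reports EPROTO. 0 = ok, -n = step n. */
int demo_fd_passing(void)
{
    int sp[2], p[2], got;
    char probe = 'x', back = 0, plain = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0 || pipe(p) < 0) return -1;
    if (send_fd(sp[0], p[1]) < 0) return -2;
    if ((got = recv_fd(sp[1])) < 0) return -3;
    if (write(got, &probe, 1) != 1 || read(p[0], &back, 1) != 1 || back != 'x') return -4;
    if (send(sp[0], &plain, 1, 0) != 1) return -5;
    if (recv_fd(sp[1]) != -1 || errno != EPROTO) return -6;
    close(got); close(p[0]); close(p[1]); close(sp[0]); close(sp[1]); return 0;
}
```

A receiver that checks the ancillary data this way logs a meaningful error when a descriptor is withheld, which is the first thing to confirm before looking for suppressed (dontaudit) denials on the SELinux side.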