| Summary: | mail-mta/postfix-2.9.3 with 2.20120725-r2 policies: smtpd error: open database /etc/mail/aliases.db: Permission denied | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Vincent Brillault <gentoo> |
| Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
| Status: | VERIFIED FIXED | | |
| Severity: | normal | CC: | selinux |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | AMD64 | | |
| OS: | Linux | | |
| Whiteboard: | sec-policy r3 | | |
| Package list: | | Runtime testing required: | --- |

Description
Vincent Brillault
2012-08-14 23:34:12 UTC

Make sure that /etc/mail/aliases.db is labeled correctly (etc_aliases_t, not etc_mail_t). If it is labeled incorrectly, how did you generate the file?

I verified the labels:

system_u:object_r:etc_aliases_t for /etc/mail/aliases and /etc/mail/aliases.db

system_u:object_r:etc_mail_t for the /etc/mail folder

I think that the problem is that smtpd cannot go through /etc/mail.

08:23 < Feandil> ok, I re-checked: doesn't work if I remove the fix I introduced last night (mta_read_config(postfix_smtpd_t)), works if I add search_dirs_pattern(postfix_smtpd_t, etc_mail_t, etc_mail_t)

Ok I'm updating the mta_*_aliases interfaces to support searching through the etc_mail_t directories. There already is mta_read_aliases(postfix_smtpd_t) so that should be sufficient. Will be in rev3

r3 is in hardened-dev overlay

In main tree, ~arch'ed (rev 5)

stabilized
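
The distinction this report turns on (a correctly labeled file behind a directory the domain may not search) is visible in the audit log. The following is an added example, not part of the bug report or of Gentoo's policy: it separates directory-search denials from denials on the file itself. The log lines are constructed for illustration; only the domain and type names come from the report.

```python
import re

# Constructed audit.log lines for illustration (not from the bug report).
SAMPLE_LOG = '''\
type=AVC msg=audit(1344987252.101:41): avc:  denied  { search } for  pid=2301 comm="smtpd" name="mail" dev="sda1" ino=1311 scontext=system_u:system_r:postfix_smtpd_t tcontext=system_u:object_r:etc_mail_t tclass=dir
type=SYSCALL msg=audit(1344987252.101:41): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1344987299.555:42): avc:  denied  { read } for  pid=2310 comm="smtpd" name="aliases.db" dev="sda1" ino=1312 scontext=system_u:system_r:postfix_smtpd_t tcontext=system_u:object_r:etc_mail_t tclass=file
'''

DENIED_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    denied = DENIED_RE.search(line)
    if denied is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    return {
        "perms": set(denied.group(1).split()),
        "name": fields.get("name", "?"),
        # SELinux contexts are user:role:type[:level]; the type is field 3.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def classify(rec):
    """Separate 'cannot traverse a parent directory' from 'cannot use the file'."""
    if rec["tclass"] == "dir" and "search" in rec["perms"]:
        return "dir-search"   # file label may be fine; the path is blocked
    if rec["tclass"] in ("file", "lnk_file"):
        return "file-access"  # check the file's own label and the rules on it
    return "other"


def summarize(log):
    """List (kind, source type, target type, object name) per denial."""
    recs = filter(None, map(parse_avc, log.splitlines()))
    return [(classify(r), r["source"], r["target"], r["name"]) for r in recs]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(*row)
```

A "dir-search" row naming etc_mail_t matches the situation in this report, where relabeling the file changes nothing; a "file-access" row with a target of etc_mail_t would instead point to the mislabeled-file case raised in the first reply.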