| 1 |
On Saturday, August 06, 2011 10:12:39 PM Sven Vermeulen wrote: |
| 2 |
> On Sat, Aug 06, 2011 at 12:50:46PM -0400, Mike Edenfield wrote: |
| 3 |
> > I'm trying to chase down an AVC message coming from procmail. I'm having |
| 4 |
> > a problem figuring out how to research, troubleshoot, or fix bad FIFO |
| 5 |
> > pipe contexts. |
| 6 |
> > |
| 7 |
> > The AVC I get is: |
| 8 |
> > |
| 9 |
> > Aug 6 12:15:52 basement kernel: type=1400 audit(1312647352.712:9623): |
| 10 |
> > avc: denied { write } for pid=9816 comm="procmail" path="pipe:[4235]" |
| 11 |
> > dev=pipefs ino=4235 scontext=system_u:system_r:procmail_t |
| 12 |
> > tcontext=system_u:system_r:postfix_master_t tclass=fifo_file |
| 13 |
> |
| 14 |
> Any idea what procmail is trying to do at this point? |
| 15 |
|
| 16 |
Hm. Not offhand, and for some reason it seems to have stopped trying to do it. |
| 17 |
|
| 18 |
The only connection I have between procmail and postfix is the usual: |
| 19 |
|
| 20 |
main.cf:mailbox_command = /usr/bin/procmail -a "$EXTENSION" |
| 21 |
|
| 22 |
I use procmail mostly for mailing list filtering but that appears to be working |
| 23 |
fine without any AVCs, so I'm not sure where these came from. I'll poke around |
| 24 |
some more and see if I can figure it out, but at least now I have a better idea |
| 25 |
what the policy is supposed to be doing :) |
| 26 |
|
| 27 |
--Mike |
Archives