View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0015112||CentOS-7||selinux-policy||public||2018-07-27 08:52||2018-07-27 08:52|
|Target Version||Fixed in Version|
|Summary||0015112: MailScanner security context clash with postfix security context|
|Description||MailScanner executable uses mscan_exec_t selinux security context but has not access to postfix postfix_master_exec_t. |
Additionally MailScanner requires access other selinux protected files and ports which prevents MailScanner from operating.
I previously reported this issue as https://bugs.centos.org/view.php?id=14967 and thought I had fixed the problem but in fact I just started the program incorrectly which hid the error messages.
|Steps To Reproduce||Install MailScanner from https://www.mailscanner.info configure to use postfix and start. Check audit.log.|
|Additional Information||I attached audit.logs and mymscan.te generated by:|
cat audit.log | audit2allow -M mymscan
I have already enabled the following selinux flags :
setsebool -P antivirus_can_scan_system on
setsebool -P clamd_use_jit on
With the above module MailScanner is operating wonderfully but I am wondering if that is the intended way to make it work as there are really a lot of additional permissions required for my setup.
|Tags||No tags attached.|