View Issue Details

IDProjectCategoryView StatusLast Update
0015112CentOS-7selinux-policypublic2018-07-27 08:52
Status newResolutionopen 
Product Version7.5.1804 
Target VersionFixed in Version 
Summary0015112: MailScanner security context clash with postfix security context
DescriptionMailScanner executable uses mscan_exec_t selinux security context but has not access to postfix postfix_master_exec_t.
Additionally MailScanner requires access other selinux protected files and ports which prevents MailScanner from operating.

I previously reported this issue as and thought I had fixed the problem but in fact I just started the program incorrectly which hid the error messages.
Steps To ReproduceInstall MailScanner from configure to use postfix and start. Check audit.log.
Additional InformationI attached audit.logs and mymscan.te generated by:

cat audit.log | audit2allow -M mymscan

I have already enabled the following selinux flags :

        setsebool -P antivirus_can_scan_system on
        setsebool -P clamd_use_jit on

With the above module MailScanner is operating wonderfully but I am wondering if that is the intended way to make it work as there are really a lot of additional permissions required for my setup.
TagsNo tags attached.




2018-07-27 08:52


audit.log (373,638 bytes)
mymscan.te (1,912 bytes)

Issue History

Date Modified Username Field Change
2018-07-27 08:52 andioddi2 New Issue
2018-07-27 08:52 andioddi2 File Added: audit.log
2018-07-27 08:52 andioddi2 File Added: mymscan.te