View Issue Details

ID: 0015112
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2018-07-27 08:52
Reporter: andioddi2
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 7.5.1804
Target Version:
Fixed in Version:
Summary: 0015112: MailScanner security context clash with postfix security context
Description: MailScanner executable uses mscan_exec_t SELinux security context but does not have access to postfix postfix_master_exec_t.
Additionally, MailScanner requires access to other SELinux-protected files and ports, which prevents MailScanner from operating.

I previously reported this issue as https://bugs.centos.org/view.php?id=14967 and thought I had fixed the problem, but in fact I just started the program incorrectly, which hid the error messages.
Steps To Reproduce: Install MailScanner from https://www.mailscanner.info, configure it to use postfix and start it. Check audit.log.
Additional Information: I attached audit.logs and mymscan.te generated by:

cat audit.log | audit2allow -M mymscan

I have already enabled the following SELinux flags:

        setsebool -P antivirus_can_scan_system on
        setsebool -P clamd_use_jit on

With the above module MailScanner is operating wonderfully, but I am wondering if that is the intended way to make it work, as there are really a lot of additional permissions required for my setup.
Tags: No tags attached.
abrt_hash:
URL:

Activities

andioddi2

2018-07-27 08:52

reporter  

audit.log (373,638 bytes)
mymscan.te (1,912 bytes)
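
Added example, not part of the original report or its attachments: a short Python script that groups AVC denials from an audit log by source type, target type and object class, so the scope of a module generated with audit2allow can be reviewed before it is loaded. The log lines are constructed, and the mscan_t domain and the smtp_port_t target are assumptions; only mscan_exec_t and postfix_master_exec_t are named in the report.

```python
import re
from collections import defaultdict

# Constructed sample AVC records (not taken from the attached audit.log).
# The mscan_t domain and the smtp_port_t target type are assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1532681520.101:901): avc:  denied  { execute } for  pid=2101 comm="MailScanner" name="postfix" dev="dm-0" ino=1001 scontext=system_u:system_r:mscan_t:s0 tcontext=system_u:object_r:postfix_master_exec_t:s0 tclass=file
type=AVC msg=audit(1532681520.105:902): avc:  denied  { read open } for  pid=2101 comm="MailScanner" path="/usr/sbin/postfix" dev="dm-0" ino=1001 scontext=system_u:system_r:mscan_t:s0 tcontext=system_u:object_r:postfix_master_exec_t:s0 tclass=file
type=AVC msg=audit(1532681521.220:903): avc:  denied  { name_connect } for  pid=2101 comm="MailScanner" dest=25 scontext=system_u:system_r:mscan_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1532681521.220:903): arch=c000003e syscall=42 success=no exit=-13
type=AVC msg=audit(1532681522.300:904): avc:  denied  { dac_override } for  pid=2101 comm="MailScanner" capability=1 scontext=system_u:system_r:mscan_t:s0 tcontext=system_u:system_r:mscan_t:s0 tclass=capability
"""

# Pull the permission set, the type field of both contexts, and the class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\S+)"
)

def collect_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if m:
            rules[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return rules

def render_rules(rules):
    """Render the grouped denials in the allow-rule syntax used in a .te file."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        target = "self" if src == tgt else tgt
        plist = " ".join(sorted(perms))
        body = plist if len(perms) == 1 else "{ " + plist + " }"
        out.append(f"allow {src} {target}:{cls} {body};")
    return out

if __name__ == "__main__":
    for rule in render_rules(collect_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

Each printed line corresponds to one rule a generated module would grant, which makes broad grants such as capabilities or execute access to another domain's entry point easy to spot during review.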

Issue History

Date Modified Username Field Change
2018-07-27 08:52 andioddi2 New Issue
2018-07-27 08:52 andioddi2 File Added: audit.log
2018-07-27 08:52 andioddi2 File Added: mymscan.te