Disabling SELinux dontaudit rules generates SELinux warnings about Postfix processes


Issue

  • After disabling dontaudit rules, many Postfix-related warning messages appear in syslog:
type=AVC msg=audit(1457689166.592:1982): avc:  denied  { rlimitinh } for  pid=12589 comm="showq" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=process
type=AVC msg=audit(1457689166.592:1982): avc:  denied  { siginh } for  pid=12589 comm="showq" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=process
type=AVC msg=audit(1457689166.592:1982): avc:  denied  { noatsecure } for  pid=12589 comm="showq" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=process
type=SYSCALL msg=audit(1457689166.592:1982): arch=c000003e syscall=59 success=yes exit=0 a0=7fc67c59e6b0 a1=7fc67c59e910 a2=7fc67c597a40 a3=ffffffff items=0 ppid=5512 pid=12589 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="showq" exe="/usr/libexec/postfix/showq" subj=system_u:system_r:postfix_showq_t:s0 key=(null)
type=AVC msg=audit(1457689166.608:1983): avc:  denied  { read write } for  pid=12589 comm="showq" name="unix.showq" dev="dm-0" ino=102022955 scontext=system_u:system_r:postfix_showq_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1457689166.608:1983): arch=c000003e syscall=2 success=no exit=-13 a0=7fbef2a849d0 a1=2 a2=0 a3=2 items=0 ppid=5512 pid=12589 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="showq" exe="/usr/libexec/postfix/showq" subj=system_u:system_r:postfix_showq_t:s0 key=(null)
type=SERVICE_STOP msg=audit(1457689188.428:1984): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
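
One way to triage the records above, as an added example that is not part of the original article: it groups AVC and SYSCALL records by audit event serial, so denials logged alongside a successful syscall (event 1982) can be told apart from denials where the syscall itself failed (event 1983, exit=-13). The SYSCALL sample lines are trimmed copies of the ones above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Records copied from the Issue section; SYSCALL lines trimmed to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1457689166.592:1982): avc:  denied  { rlimitinh } for  pid=12589 comm="showq" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=process
type=AVC msg=audit(1457689166.592:1982): avc:  denied  { siginh } for  pid=12589 comm="showq" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=process
type=AVC msg=audit(1457689166.592:1982): avc:  denied  { noatsecure } for  pid=12589 comm="showq" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=process
type=SYSCALL msg=audit(1457689166.592:1982): arch=c000003e syscall=59 success=yes exit=0 pid=12589 comm="showq" exe="/usr/libexec/postfix/showq"
type=AVC msg=audit(1457689166.608:1983): avc:  denied  { read write } for  pid=12589 comm="showq" name="unix.showq" dev="dm-0" ino=102022955 scontext=system_u:system_r:postfix_showq_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1457689166.608:1983): arch=c000003e syscall=2 success=no exit=-13 pid=12589 comm="showq" exe="/usr/libexec/postfix/showq"
"""

EVENT = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
AVC = re.compile(r'denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)')
SYSCALL = re.compile(r'syscall=(\d+) success=(\w+) exit=(-?\d+)')

def domain(ctx):
    """Return the type field of a user:role:type:level SELinux context."""
    return ctx.split(':')[2]

def correlate(text):
    """Group records by event serial: {serial: {"denials": [...], "syscall": ...}}."""
    events = defaultdict(lambda: {"denials": [], "syscall": None})
    for line in text.splitlines():
        head = EVENT.match(line)
        if not head:
            continue
        rtype, _, serial = head.groups()
        ev = events[int(serial)]
        if rtype == "AVC":
            m = AVC.search(line)
            if m:
                perms, src, tgt, cls = m.groups()
                ev["denials"].append((domain(src), domain(tgt), cls, tuple(perms.split())))
        elif rtype == "SYSCALL":
            m = SYSCALL.search(line)
            if m:
                # (syscall number, succeeded?, exit code)
                ev["syscall"] = (int(m[1]), m[2] == "yes", int(m[3]))
    return dict(events)

def blocking(events):
    """Serials whose syscall failed, i.e. the denial had a visible effect."""
    return sorted(s for s, ev in events.items()
                  if ev["syscall"] and not ev["syscall"][1])
```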

Environment

  • Red Hat Enterprise Linux
  • Postfix as MTA (default on RHEL 6 and 7)
  • SELinux enabled, dontaudit temporarily disabled (semodule -D)
