Package: selinux-policy-default
Version: 2:0.0.20080702-6
Severity: important
Hi,
I upgraded from etch to lenny a couple of weeks ago and haven't been able to
find a way around this. When I google it appears the problem is an old one
(#473043). It may be that it works on a clean install but not on my
upgraded system.
In short, with a fairly straightforward system, various postfix functions
fail:
postqueue:
Mar 10 10:49:48 mgmt kernel: [1384219.270870] type=1401
audit(1236682188.741:4331152): security_compute_sid: invalid
context
unconfined_u:unconfined_r:postfix_postqueue_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postqueue_exec_t:s0
tclass=process
Mar 10 10:49:48 mgmt postfix/sendmail[18538]: fatal: execv
/usr/sbin/postqueue: Permission denied
postdrop:
Mar 10 11:14:58 mgmt kernel: [1385728.907215] type=1401
audit(1236683698.380:4331196): security_compute_sid:
invalid context
unconfined_u:unconfined_r:postfix_postdrop_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postdrop_exec_t:s0
tclass=process
Mar 10 11:14:58 mgmt sendmail[18952]: fatal: execvp /usr/sbin/postdrop:
Permission denied
newaliases:
Mar 10 11:11:40 mgmt kernel: [1385531.312381] type=1400
audit(1236683500.785:4331190): avc: denied { execute } for
pid=18945
comm="newaliases" name="postalias" dev=sda3 ino=632386
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_master_exec_t:s0 tclass=file
Mar 10 11:11:40 mgmt postfix/sendmail[18945]: fatal: execv
/usr/sbin/postalias: Permission denied
(although postalias /etc/aliases works fine, so there's a simple workaround).
Postfix processes are running as:
unconfined_u:system_r:postfix_master_t:s0 18254 ? Ss 0:00
/usr/lib/postfix/master
unconfined_u:system_r:postfix_pickup_t:s0 18260 ? S 0:00 pickup -l -t fifo
-u
unconfined_u:system_r:postfix_qmgr_t:s0 18261 ? S 0:00 qmgr -l -t fifo -u
I've removed and re-installed the default policy package as well as postfix
but without any success.
I suspect the error is on my part (unconfined_u looks bogus to me) due to
something I've done pre or during the upgrade, but I can't for the life of
me see what.
-Ronan
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.0.1-5 Pluggable Authentication Modules f
ii libselinux1 2.0.65-5 SELinux shared libraries
ii libsepol1 2.0.30-2 Security Enhanced Linux policy lib
ii policycoreutils 2.0.49-8 SELinux core policy utilities
ii python 2.5.2-3 An interactive high-level object-o
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.0.16-1 SELinux policy compiler
pn setools <none> (no description available)
Versions of packages selinux-policy-default suggests:
pn logcheck <none> (no description available)
pn syslog-summary <none> (no description available)
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
