-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0
-
None
-
sst_security_selinux
-
ssg_security
-
13
-
QE ack
-
False
-
-
No
-
Pass
-
Unspecified Release Note Type - Unknown
What were you trying to do that didn't work?
CI test that is working on RHEL9 and Rawhide doesn't work on RHEL10
Seems to be related to/fixed by Fedora BZs:
Bug 2242898 - Please add support for the /etc/aliases.lmdb
Bug 2247848 - SELinux preventing Postfix from mapping LMDB databases
Please provide the package NVR for which bug is seen:
selinux-policy-40.13-1.el10.noarch
How reproducible:
Always
Steps to reproduce
- git clone https://src.fedoraproject.org/tests/cyrus-imapd.git
- cd cyrus-imapd/Sanity/basic
- 1minutetip rhel10
or: - tmt run -avvv execute --how tmt --interactive test --name . provision --how minute --image rhel10
Expected results
No failure
Actual results
May 06 05:04:22 prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27 audit: PROCTITLE proctitle=736D747064002D6E00736D7470002D7400696E6574002D75002D730032 May 06 05:04:22 prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27 postfix/smtpd[12779]: error: open database /etc/aliases.lmdb: Permission denied May 06 05:04:22 prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27 postfix/smtpd[12779]: connect from localhost[::1] May 06 05:04:22 prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27 postfix/smtpd[12779]: warning: lmdb:/etc/aliases is unavailable. open database /etc/aliases.lmdb: Permission denied May 06 05:04:22 prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27 postfix/smtpd[12779]: warning: lmdb:/etc/aliases lookup error for "root@localhost" May 06 05:04:22 prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27 postfix/smtpd[12779]: NOQUEUE: reject: RCPT from localhost[::1]: 451 4.3.0 <root@localhost>: Temporary lookup failure; from=<cyrus@prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27> to=<root@localhost> proto=ESMTP helo=<prereserve-1mt-rhel-10.0-20240423.83-10344-2024-05-06-08-27>
# ausearch -c smtpd ---- time->Mon May 6 04:35:06 2024 type=PROCTITLE msg=audit(1714984506.705:568): proctitle=736D747064002D6E00736D7470002D7400696E6574002D75002D730032 type=SYSCALL msg=audit(1714984506.705:568): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000000 a2=1 a3=1 items=0 ppid=6743 pid=7881 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smtpd" exe="/usr/libexec/postfix/smtpd" subj=system_u:system_r:postfix_smtpd_t:s0 key=(null) type=AVC msg=audit(1714984506.705:568): avc: denied { map } for pid=7881 comm="smtpd" path="/etc/aliases.lmdb" dev="vda2" ino=2172519 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:etc_aliases_t:s0 tclass=file permissive=0 #
# grep denied audit.log | audit2allow #============= postfix_smtpd_t ============== #!!!! This avc can be allowed using the boolean 'domain_can_mmap_files' allow postfix_smtpd_t etc_aliases_t:file map; #
- links to