
policy problem

Posted: Thu Jun 01, 2006 4:39 am
by osa
Hi

In the morning when I check dmesg I see this error:

grsec (root:U:/usr/lib/postfix/pickup) denied access to hidden file /dev/log by /usr/lib/postfix/pickup[pickup:13241] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/master[master:1464] uid/euid:0/0 gid/egid:0/0

subject /usr/lib/postfix/pickup {
/ h
/dev/log rw
/etc r
/lib x
/lib/tls rx
/usr/lib rx
/usr/share r
/var/spool/postfix rw
bind disabled
connect disabled
-CAP_ALL
+CAP_SYS_CHROOT
+CAP_SETGID
+CAP_SETUID
}
subject /usr/lib/postfix/master {
/usr/lib/postfix/smtpd rx
/usr/lib/postfix/smtp rx
/usr/lib/postfix/proxymap rwx
/dev/log rw
/var/spool/postfix/public/pickup rw
/usr/lib/postfix/trivial-rewrite rwx
/var/spool/postfix/public/qmgr rw
/usr/lib/postfix/cleanup rx
/usr/lib/postfix/local rx
/usr/lib/postfix/bounce rx
/usr/lib/postfix/pickup rx
/usr/lib/postfix/flush rx
/usr/lib/postfix/qmgr rx
/usr/lib/postfix/master rx
/usr/lib/postfix/showq rx
-CAP_ALL
+CAP_SYS_RESOURCE
+CAP_SYS_ADMIN
+CAP_SETGID
+CAP_SETUID
bind disabled
connect disabled
}

pickup and master have rw permission to /dev/log, but I still have access denied in the log. Why? Any ideas?

osanet

Posted: Thu Jun 01, 2006 1:05 pm
by voron
Code:
subject /usr/lib/postfix/pickup o {
....
}
subject /usr/lib/postfix/master o {
....
}