Centos
如何在 CentOS 上的 audit.log 中修復這個 dovecot SELinux 錯誤?
我在
/var/log/audit/audit.log
for中收到這些 SELinux 錯誤dovecot
。type=USER_AUTH msg=audit(1404794536.249:100679): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:authentication acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success' type=USER_ACCT msg=audit(1404794536.260:100680): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:accounting acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success' type=AVC msg=audit(1404794537.473:100681): avc: denied { read } for pid=30020 comm="imap" name="starrychloe" dev=xvde ino=152404 scontext=unconfined_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1404794537.473:100681): arch=c000003e syscall=2 success=no exit=-13 a0=7fc64f910eb0 a1=0 a2=0 a3=0 items=0 ppid=20321 pid=30020 auid=0 uid=502 gid=501 euid=502 suid=502 fsuid=502 egid=501 sgid=12 fsgid=501 tty=(none) ses=2700 comm="imap" exe="/usr/libexec/dovecot/imap" subj=unconfined_u:system_r:dovecot_t:s0 key=(null) type=USER_AUTH msg=audit(1404794537.925:100682): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:authentication acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success' type=USER_ACCT msg=audit(1404794537.935:100683): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:accounting acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success' type=USER_AUTH msg=audit(1404794553.944:100684): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:authentication acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success' type=USER_ACCT msg=audit(1404794553.954:100685): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:accounting acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success'
我試過
# sealert -a /tmp/dovecot5.log 100% donefound 1 alerts in /tmp/dovecot5.log -------------------------------------------------------------------------------- SELinux is preventing /usr/libexec/dovecot/imap from read access on the directory starrychloe. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that imap should be allowed read access on the starrychloe directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep imap /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
然後
# cat /tmp/dovecot5.log | audit2allow -M dovecot ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i dovecot.pp
哪個產生了
# cat dovecot.te module dovecot 1.0; require { type dovecot_t; type home_root_t; class dir read; } #============= dovecot_t ============== allow dovecot_t home_root_t:dir read;
但是我收到了這個錯誤
# semodule -i dovecot.pp libsepol.print_missing_requirements: dovecot's global requirements were not met: type/attribute dovecot_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
這些是目錄的權限
# ls -dZ /home/starrychloe drwxr-xr-x. starrychloe starrychloe unconfined_u:object_r:home_root_t:s0 /home/starrychloe
我正在使用 CentOS 6.5。
您的主目錄的安全上下文是錯誤的。我不確定為什麼 setroubleshoot 沒有捕捉到這一點,但簡單的解決方法是修復安全上下文。
restorecon /home/starrychloe