Every time mail is processed, the following message shows up in /var/log/audit/audit.log:
type=AVC msg=audit(1582944114.367:529105): avc: denied { getattr } for pid=8630 comm=4D61696C5363616E6E65723A207374 path="/var/www/html/mailscanner/temp/GeoLite2-Country.mmdb" dev="dm-2" ino=50464433 scontext=system_u:system_r:mscan_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1582944114.367:
# Show the SELinux context currently set on the file; this is the tcontext
# that appears in the AVC denial.
ls -lZ /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
-rw-r--r--. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
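# Collect only the denials whose subject context is the MailScanner domain.
# An unfiltered search turns every AVC in the audit log into an allow rule,
# including denials for other domains that are unrelated to this problem.
ausearch -m 'AVC' -su mscan_t --raw | audit2allow -M my-geo
# audit2allow -M writes my-geo.te (source) and my-geo.pp (compiled module);
# read my-geo.te before loading the .pp with semodule -i.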
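module my-geo 1.0;

# Trimmed by hand from the audit2allow output. The generating command read
# every AVC in the audit log, so the raw output also carried allow rules for
# httpd_sys_script_t (on chkpwd_t, postfix_local_t and systemd_timedated_t).
# Those are not part of the mscan_t denial on the GeoLite2 database and are
# left out so that loading this module does not widen the web-script domain.
require {
	type mscan_t;
	type httpd_sys_rw_content_t;
	type httpd_sys_content_t;
	class file getattr;
}

#============= mscan_t ==============
# Grants getattr (stat) only. The rule is type-wide: it covers every file
# labelled httpd_sys_content_t, not just the GeoLite2 database.
allow mscan_t httpd_sys_content_t:file getattr;

#!!!! The file '/var/www/html/mailscanner/temp/GeoLite2-Country.mmdb' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
# NOTE(review): audit2allow reports that the file's current label differs from
# the label the policy's file contexts assign to this path. Decide which label
# the file should carry before keeping both rules; only one is needed once the
# label is settled.
# This rule is also type-wide: it covers every file labelled
# httpd_sys_rw_content_t, i.e. content the web server domain may write.
allow mscan_t httpd_sys_rw_content_t:file getattr;

# NOTE(review): both rules allow getattr only. If MailScanner also has to open
# and read the database, further denials are to be expected - confirm with a
# fresh ausearch after loading the module.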
# Puts the whole mscan_t domain into permissive mode: denials for MailScanner
# are still logged but no longer enforced, for every object, not just the
# GeoLite2 database. Use it to collect the remaining denials for a targeted
# module, then restore enforcement with: semanage permissive -d mscan_t
semanage permissive -a mscan_t