Re: Using postfix w/ mimedefang's Unix socket
- On 12/3/11 7:15 AM, Wietse Venema wrote:
> Philip Prindeville:Could have sworn this SElinux issue was fixed a couple of years ago... it either regressed or the patch never made it downstream from Fedora to Centos.
>> Dec 2 20:32:54 localhost postfix/smtpd: warning: connect
>> to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock:
>> Permission denied
> Does the error go away if you turn off SeLinux?
It goes away if I patch Mimedefang to fchmod() the UNIX socket to 0660, and put the postfix in the defang group, and add the following policy:
module postfix 1.0;
class dir search;
#============= postfix_smtpd_t ==============
allow postfix_smtpd_t spamd_var_run_t:dir search;
Bugs (with fixes) have been filed against both issues.