From: dominick.grift@gmail.com (Dominick Grift) Date: Mon, 11 Mar 2013 09:24:32 +0100 Subject: [refpolicy] [PATCH 5/6] Denial in mail log on node bind In-Reply-To: <1362927170-31116-6-git-send-email-sven.vermeulen@siphos.be> References: <1362927170-31116-1-git-send-email-sven.vermeulen@siphos.be> <1362927170-31116-6-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1362990272.8756.3.camel@d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 2013-03-10 at 15:52 +0100, Sven Vermeulen wrote: > When mails are sent to an IPv6-enabled server, the following denial is otherwise > shown in the mail logs: > > postfix/smtp[7620]: warning: smtp_connect_addr: bind : Permission denied > Merged. The original gentoo bugzilla here has additional details of this event: https://bugs.gentoo.org/show_bug.cgi?id=453990 Thanks > Signed-off-by: Sven Vermeulen > --- > postfix.te | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/postfix.te b/postfix.te > index 191a66f..dd59b2a 100644 > --- a/postfix.te > +++ b/postfix.te > @@ -702,6 +702,8 @@ allow postfix_smtp_t { postfix_prng_t postfix_spool_t }:file rw_file_perms; > > rw_files_pattern(postfix_smtp_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t) > > +corenet_tcp_bind_generic_node(postfix_smtp_t) > + > optional_policy(` > cyrus_stream_connect(postfix_smtp_t) > ')