Hi


I am puzzled by a particular SELinux policy configuration
concerning saslauthd.

OS: Fedora Core 4.0 (2.6.11-1.1369_FC4smp)
Kernel-Ext: SELinux (Policy: 1.27.1)



I am running postfix with authentication enabled via saslauthd.
The SMTP setup works fine if I disable the policy (targeted)
using
Code:
# setenforce 0

If I enable the policy
Code:
# setenforce 1

authentication fails and I get the following error message:

Code:
type=AVC msg=audit(...:15424395): avc:  denied  { create } for  pid=6819 comm="saslauthd" scontext=root:system_r:saslauthd_t tcontext=root:system_r:saslauthd_t tclass=unix_dgram_socket
type=SYSCALL msg=audit(...:15424395): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfd7c5f0 a2=235ff4 a3=82e0634 items=0 pid=6819 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="saslauthd" exe="/usr/sbin/saslauthd"
type=SOCKETCALL msg=audit(...:15424395): nargs=3 a0=1 a1=2 a2=0

However, if I check saslauthd.te, the creation of a unix_dgram_socket should be allowed:
Code:
auditallow saslauthd_t self:unix_dgram_socket create_socket_perms;

(I modified the original file with auditallow.)


Obviously, there is something I do not understand. Any hints/ideas?

Thanks &
Cheers
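
An added example, not part of the original post: a Python check that parses the AVC denial quoted above and evaluates it against policy rule lines, treating `auditallow` as the SELinux policy language defines it (it logs access that is granted and grants nothing itself). The function names, the abbreviated `create_socket_perms` expansion and the simplified rule grammar are assumptions made for illustration.

```python
import re

# Constructed from the AVC record quoted in the post (timestamp elided there).
AVC = ('type=AVC msg=audit(...:15424395): avc:  denied  { create } for  pid=6819 '
       'comm="saslauthd" scontext=root:system_r:saslauthd_t '
       'tcontext=root:system_r:saslauthd_t tclass=unix_dgram_socket')
# The rule line quoted in the post.
POLICY = ['auditallow saslauthd_t self:unix_dgram_socket create_socket_perms;']
# Assumption: abbreviated macro expansion; only the presence of "create" matters here.
MACROS = {'create_socket_perms': {'create', 'read', 'write', 'bind', 'connect'}}

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')
RULE_RE = re.compile(r'^\s*(allow|auditallow|dontaudit)\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(\{[^}]*\}|\S+?)\s*;')

def parse_avc(line):
    m = AVC_RE.search(line)
    if not m:
        raise ValueError('not an AVC denial record')
    perms, scon, tcon, tclass = m.groups()
    # A context is user:role:type[:level]; the type is the third field.
    return {'perms': set(perms.split()), 'source': scon.split(':')[2],
            'target': tcon.split(':')[2], 'tclass': tclass}

def parse_rule(text):
    m = RULE_RE.match(text)
    if not m:
        return None  # not an access-vector rule in the simplified grammar
    kind, src, tgt, tclass, perms = m.groups()
    expanded = set()
    for name in perms.strip('{} ').split():
        expanded |= MACROS.get(name, {name})
    return kind, src, (src if tgt == 'self' else tgt), tclass, expanded

def evaluate(denial, policy_lines):
    """Return (granted, audited, missing) permission sets for the denial."""
    granted, audited = set(), set()
    for kind, src, tgt, tclass, perms in filter(None, map(parse_rule, policy_lines)):
        if (src, tgt, tclass) != (denial['source'], denial['target'], denial['tclass']):
            continue
        if kind == 'allow':          # only allow rules grant access
            granted |= perms & denial['perms']
        elif kind == 'auditallow':   # auditallow only logs access that is granted
            audited |= perms & denial['perms']
    return granted, audited, denial['perms'] - granted

def suggest(denial, missing):
    # Format the allow rule that would cover the permissions still missing.
    tgt = 'self' if denial['source'] == denial['target'] else denial['target']
    return 'allow %s %s:%s { %s };' % (denial['source'], tgt, denial['tclass'], ' '.join(sorted(missing)))
```

Run against the quoted rule, `evaluate` reports `create` as audited but not granted, and `suggest` prints the `allow` rule that would have to sit alongside the `auditallow` line.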