I have enabled SELinux enforcing mode on Fedora 15 and was able to get apache, mysql and memcached working, but I cannot get postfix to run.
I get the following errors:
systemd[1]: Unit postfix.service entered failed state.
kernel: [146194.117602] type=1400 audit(1318924444.361:3809): avc: denied { module_request } for pid=15447 comm="postfix" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.145456] type=1400 audit(1318924444.389:3810): avc: denied { module_request } for pid=15452 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.146585] type=1400 audit(1318924444.390:3811): avc: denied { module_request } for pid=15452 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.390715] type=1400 audit(1318924444.633:3812): avc: denied { module_request } for pid=15479 comm="postsuper" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.451670] type=1400 audit(1318924444.694:3813): avc: denied { module_request } for pid=15516 comm="postlog" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.459587] type=1400 audit(1318924444.702:3814): avc: denied { module_request } for pid=15517 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.460786] type=1400 audit(1318924444.703:3815): avc: denied { module_request } for pid=15517 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
systemd[1]: PID 15517 read from file /var/spool/postfix/pid/master.pid does not exist. Your service or init script might be broken.
systemd[1]: postfix.service: main process exited, code=exited, status=1
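The following steps have been done:
- I reinstalled postfix
- Created .autorelable and rebooted
- restorecon -R -v /etc/postfix
- restorecon -R -v /var/lib/postfix
Can anyone tell me what I am doing wrong?
Update: It turns out we had to disable ipv6 in main.cf, and these errors go away.
Thanks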
Answer 1
If you need ipv6 enabled, the way to solve this is to build and install a custom SELinux policy based on the errors, as follows:
# grep postfix_master /var/log/audit/audit.log | audit2allow -m postfixCustom > postfix.te
# checkmodule -M -m -o postfix.mod postfix.te
# semodule_package -m postfix.mod -o postfix.pp
# semodule -i postfix.pp
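
Because grep postfix_master feeds every denial from that domain into audit2allow, it helps to see what the denials reduce to before loading the module. The following Python sketch is an added example, not part of the original answer: it parses AVC lines in the kernel-log form quoted in the question and prints the type enforcement rule they imply, for comparison with postfix.te. The function names and the embedded sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: three denials quoted in the question plus one non-AVC line.
SAMPLE_LOG = """\
kernel: [146194.117602] type=1400 audit(1318924444.361:3809): avc: denied { module_request } for pid=15447 comm="postfix" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.145456] type=1400 audit(1318924444.389:3810): avc: denied { module_request } for pid=15452 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
kernel: [146194.390715] type=1400 audit(1318924444.633:3812): avc: denied { module_request } for pid=15479 comm="postsuper" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
systemd[1]: postfix.service: main process exited, code=exited, status=1
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    src = rec.get('scontext', '').split(':')
    tgt = rec.get('tcontext', '').split(':')
    if len(src) < 3 or len(tgt) < 3 or 'tclass' not in rec:
        return None  # truncated or malformed record
    # A context is user:role:type[:level]; policy rules are written on the type.
    rec.update(perms=m.group('perms').split(), stype=src[2], ttype=tgt[2])
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {'perms': set(), 'comms': set(), 'count': 0})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        g = groups[(rec['stype'], rec['ttype'], rec['tclass'])]
        g['perms'].update(rec['perms'])
        g['comms'].add(rec.get('comm', '?'))
        g['count'] += 1
    return dict(groups)

def te_rules(groups):
    """Render each group as the allow rule that would permit it."""
    rules = []
    for (stype, ttype, tclass), g in sorted(groups.items()):
        perms = sorted(g['perms'])
        p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        rules.append(f'allow {stype} {ttype}:{tclass} {p};')
    return rules

if __name__ == '__main__':
    for rule in te_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

A rule in postfix.te that does not trace back to a denial you recognise in this summary is a reason to narrow the grep before running semodule -i.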