The audit logs report several AVC messages:
Code: Select all
type=AVC msg=audit(1515014658.505:430144): avc: denied { ioctl } for pid=91728 comm="check_mailq" path="socket:[11196285]" dev="sockfs" ino=11196285 scontext=system_u:system_r:nagios_mail_plugin_t:s0-s0:c0.c1023 tcontext=system_u:system_r:inetd_t:s0-s0:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1515014658.532:430145): avc: denied { getattr } for pid=91729 comm="mailq" path="socket:[11196285]" dev="sockfs" ino=11196285 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:inetd_t:s0-s0:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1515014658.539:430146): avc: denied { getattr } for pid=91729 comm="postqueue" path="socket:[11196285]" dev="sockfs" ino=11196285 scontext=system_u:system_r:postfix_postqueue_t:s0-s0:c0.c1023 tcontext=system_u:system_r:inetd_t:s0-s0:c0.c1023 tclass=tcp_socket
Code: Select all
sudo setenforce 1
Everything is working -- I shouldn't complain! -- but there's clearly something I don't understand about SELinux and the AVC messages.