On 01/23/2014 01:55 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/23/2014 01:54 PM, Robert Moskowitz wrote:
On 01/23/2014 08:38 AM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/22/2014 11:07 PM, Robert Moskowitz wrote:
I am seeing the following errors via "journalctl |grep logwatch":
I had performed the following selinux policy:
On 01/06/2014 08:14 AM, Daniel J Walsh wrote:
Create a file mylogwatch.te with the following content.
policy_module(mylogwatch, 1.0) gen_require(` type logwatch_mail_t;
')
mta_filetrans_admin_home_content(logwatch_mail_t)
Now execute this command to compile the policy and load it into the
kernel
# make -f /usr/share/selinux/devel/Makefile # semodule -i
mylogwatch.pp
Now you should be allowed to run logwatch_mail_t in enforcing mode.
What do these messages mean?
They mean that logwatch is not allowed to execute the procmail program.
You could add policy for it.
Obvious. hindsight is just great!
procmail_domtrans(logwatch_t)
I am looking at what you gave me before:
#cat mylogwatch.te policy_module(mylogwatch, 1.0) gen_require(` type
logwatch_mail_t; ')
mta_filetrans_admin_home_content(logwatch_mail_t)
--------------------
Would mylogwprocmail.te contain:
policy_module(mylogwprocmail, 1.0) gen_require(` type logwatch_t; ')
procmail_domtrans(logwatch_t)
???????????????????
Yes basically.
Did it, now to wait until the next logwatch run.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
