On 05/27/2014 12:55 PM, aragonx@xxxxxxxxxx wrote:
> Hi,
>
> So I'm trying to get milter-greylist working with selinux and I seem to have a problem. It doesn't seem to know what milter-greylist is trying to access so I can't add a rule to fix it. Here is what I see in /var/log/message when I try to run systemctl start milter-greylist
>
> May 27 12:47:07 dcsnow setroubleshoot: SELinux is preventing /usr/sbin/milter-greylist from remove_name access on the directory . For complete SELinux messages. run sealert -l f008afda-b837-4a7a-ad4e-80562d4ef31c
> May 27 12:47:07 dcsnow python: SELinux is preventing /usr/sbin/milter-greylist from remove_name access on the directory .
>
> ***** Plugin catchall_labels (83.8 confidence) suggests  *******************
>
> If you want to allow milter-greylist to have remove_name access on the directory
> Then you need to change the label on $FIX_TARGET_PATH
> Do
> # semanage fcontext -a -t FILE_TYPE '$FIX_TARGET_PATH'
> where FILE_TYPE is one of the following: greylist_milter_data_t, var_run_t.
> Then execute:
> restorecon -v '$FIX_TARGET_PATH'
>
> ***** Plugin catchall (17.1 confidence) suggests  **************************
>
> If you believe that milter-greylist should be allowed remove_name access on the directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep milter-greylist /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> In audit.log I see:
>
> type=AVC msg=audit(1401209226.129:1909): avc: denied { remove_name } for pid=8467 comm="milter-greylist" name="milter-greylist.sock" dev="sda6" ino=652403 scontext=system_u:system_r:greylist_milter_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
>
> Any ideas on how I go about finding out what needs to happen here?
>
> Thanks in advance for your help.
>
> ---
> Will Y.

Looks like the milter-greylist.sock is mislabeled. What directory is it in? Why isn't it in /run?
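
The AVC record quoted in this thread can be read field by field: tclass=dir means tcontext is the label of the directory that holds milter-greylist.sock, and its type can be compared with the types setroubleshoot listed. The following is an added example, not part of the original messages; the function names are hypothetical and the record is copied from the message above.

```python
import re
import shlex

# AVC record as quoted in the thread.
AVC = ('type=AVC msg=audit(1401209226.129:1909): avc: denied { remove_name } '
       'for pid=8467 comm="milter-greylist" name="milter-greylist.sock" '
       'dev="sda6" ino=652403 scontext=system_u:system_r:greylist_milter_t:s0 '
       'tcontext=unconfined_u:object_r:var_t:s0 tclass=dir')

# Types setroubleshoot listed as acceptable labels for the target.
SUGGESTED_TYPES = {"greylist_milter_data_t", "var_run_t"}

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")


def parse_avc(line):
    """Return the fields of one AVC record, or None for other record types."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # shlex strips the quotes around values such as comm="milter-greylist".
    tokens = shlex.split(m.group(3))
    fields = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    return fields


def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def diagnose(line, suggested=SUGGESTED_TYPES):
    """Summarise who was denied what, and whether the target label fits."""
    rec = parse_avc(line)
    if rec is None:
        raise ValueError("not an AVC record")
    target_type = context_type(rec["tcontext"])
    return {
        "source_type": context_type(rec["scontext"]),
        "target_type": target_type,
        "target_class": rec["tclass"],
        "entry_name": rec.get("name"),
        "perms": rec["perms"],
        "label_matches_suggestion": target_type in suggested,
    }


if __name__ == "__main__":
    for key, value in diagnose(AVC).items():
        print(f"{key}: {value}")
```

For this record the source domain is greylist_milter_t and the target is a directory typed var_t, which is not in the suggested list, so the directory the socket lives in is the thing to identify before relabeling anything.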