Re: Problem with selinux and milter-greylist

On 05/27/2014 12:55 PM, aragonx@xxxxxxxxxx wrote:
>
> Hi,
>
> So I'm trying to get milter-greylist working with selinux and I seem to
> have a problem.  It doesn't seem to know what milter-greylist is trying
> to access so I can't add a rule to fix it.  Here is what I see in
> /var/log/message when I try to run systemctl start milter-greylist
>
> May 27 12:47:07 dcsnow setroubleshoot: SELinux is preventing /usr/sbin/milter-greylist from remove_name access on the directory . For complete SELinux messages. run sealert -l f008afda-b837-4a7a-ad4e-80562d4ef31c
> May 27 12:47:07 dcsnow python: SELinux is preventing /usr/sbin/milter-greylist from remove_name access on the directory .
>
> *****  Plugin catchall_labels (83.8 confidence) suggests   *******************
>
> If you want to allow milter-greylist to have remove_name access on the  directory
> Then you need to change the label on $FIX_TARGET_PATH
> Do
> # semanage fcontext -a -t FILE_TYPE '$FIX_TARGET_PATH'
> where FILE_TYPE is one of the following: greylist_milter_data_t, var_run_t.
> Then execute:
> restorecon -v '$FIX_TARGET_PATH'
>
> *****  Plugin catchall (17.1 confidence) suggests   **************************
>
> If you believe that milter-greylist should be allowed remove_name access on the  directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep milter-greylist /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> In audit.log I see:
>
> type=AVC msg=audit(1401209226.129:1909): avc:  denied  { remove_name } for  pid=8467 comm="milter-greylist" name="milter-greylist.sock" dev="sda6" ino=652403 scontext=system_u:system_r:greylist_milter_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
>
> Any ideas on how I go about finding out what needs to happen here?
>
> Thanks in advance for your help.
>
> ---
> Will Y.
>
Looks like the milter-greylist.sock is mislabeled.  What directory is it
in?  Why isn't it in /run?


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
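
The triage behind the reply above, as an added example that is not part of the original thread: it parses the quoted AVC record and compares the target type with the types sealert listed, to tell a mislabeled path apart from a missing policy rule. The `GENERIC_TYPES` set and the function names are assumptions made for this illustration.

```python
import re

# Constructed input: the AVC record quoted in the thread, joined onto one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1401209226.129:1909): avc:  denied  { remove_name } '
    'for  pid=8467 comm="milter-greylist" name="milter-greylist.sock" '
    'dev="sda6" ino=652403 scontext=system_u:system_r:greylist_milter_t:s0 '
    'tcontext=unconfined_u:object_r:var_t:s0 tclass=dir'
)

# Assumption: catch-all types that usually mean no specific label was applied.
GENERIC_TYPES = {"var_t", "default_t", "file_t", "unlabeled_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    for side in ("scontext", "tcontext"):
        # A context is user:role:type:level; the type is the third field.
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def triage(rec, expected_types):
    """Classify a denial as 'relabel', 'policy' or 'review'."""
    ttype = rec["tcontext_type"]
    if ttype in expected_types:
        return "policy"   # label is already right, so the allow rule is missing
    if ttype in GENERIC_TYPES:
        return "relabel"  # target carries a catch-all label: fix the file context
    return "review"       # some other specific type: look at it by hand

if __name__ == "__main__":
    rec = parse_avc(SAMPLE_AVC)
    # Types sealert listed as acceptable in the quoted output.
    verdict = triage(rec, {"greylist_milter_data_t", "var_run_t"})
    # With tclass=dir and remove_name, tcontext is the label of the directory
    # that holds the entry given in name=, not the label of the entry itself.
    print(f'{rec["comm"]} ({rec["scontext_type"]}) denied {rec["perms"]} on '
          f'{rec["tclass"]} labelled {rec["tcontext_type"]} '
          f'(entry {rec["name"]}): {verdict}')
```

A `relabel` verdict points at `semanage fcontext` and `restorecon` on the directory, as the catchall_labels plugin suggests, rather than at a local `audit2allow` module.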



