SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Manuel Wolfshant wrote:
> Ned Slider wrote:
>> Hi list,
>>
>> I've knocked up a contribution on SELinux here:
>>
>> http://wiki.centos.org/HowTos/SELinux
>>
>> I've tried to pitch it as an introduction for those not already 
>> familiar with SELinux but also hopefully a useful reference.
>>
>> I'm relatively new to SELinux and have covered pretty much everything 
>> I know to the limits of my limited knowledge. If folks think other 
>> material needs to be covered then it may be more appropriate for them 
>> to make the additions rather than me. Consider it a "get the ball 
>> rolling" contribution that the community can add to as necessary :)
>>
>> Comments welcomed,
> I would add the following just before "Sumamry" (in case one wants to 
> edit the rules suggested by audit2allow):
> 
>    Building module policy manually
> 
> 
> - grep sendmail /var/log/audit/audit.log | audit2allow -M postfix
> - while reviewing the generated postfix.te
> 
>    module local 1.0;
> 
>    require {
>            type httpd_log_t;
>            type postfix_postdrop_t;
>            class dir getattr;
>            class file { read getattr };
>    }
> 
>    #============= postfix_postdrop_t ==============
>    allow postfix_postdrop_t httpd_log_t:file getattr;
> 
> 

Wolfy,

Are you able to supply an example of the audit.log AVC message(s) that 
are used to create this .te policy? It might be useful to show the 
actual AVC error messages in explaining this process.

Thanks,

Ned

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Users]     [CentOS Virtualization]     [Linux Media]     [Asterisk]     [Netdev]     [X.org]     [Xfree86]     [Linux USB]     [Project Hail Cloud Computing]

  Powered by Linux