On Thu, December 4, 2014 12:29, James B. Byrne wrote: > > Re: SELinux. Do I just build a local policy or is there some boolean setting > needed to handle this? I could not find one if there is but. . . > Anyone see any problem with generating a custom policy consisting of the following? grep avc /var/log/audit/audit.log | audit2allow #============= amavis_t ============== allow amavis_t shell_exec_t:file execute; allow amavis_t sysfs_t:dir search; #============= clamscan_t ============== allow clamscan_t amavis_spool_t:dir read; #============= logwatch_mail_t ============== allow logwatch_mail_t usr_t:lnk_file read; #============= postfix_master_t ============== allow postfix_master_t tmp_t:dir read; #============= postfix_postdrop_t ============== allow postfix_postdrop_t tmp_t:dir read; #============= postfix_showq_t ============== allow postfix_showq_t tmp_t:dir read; #============= postfix_smtp_t ============== allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr }; -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos