Re: Postfix avc (SELinux)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>
> Re: SELinux. Do I just build a local policy or is there some boolean setting
> needed to handle this?  I could not find one if there is but. . .
>

Anyone see any problem with generating a custom policy consisting of the
following?

grep avc /var/log/audit/audit.log | audit2allow


#============= amavis_t ==============
allow amavis_t shell_exec_t:file execute;
allow amavis_t sysfs_t:dir search;

#============= clamscan_t ==============
allow clamscan_t amavis_spool_t:dir read;

#============= logwatch_mail_t ==============
allow logwatch_mail_t usr_t:lnk_file read;

#============= postfix_master_t ==============
allow postfix_master_t tmp_t:dir read;

#============= postfix_postdrop_t ==============
allow postfix_postdrop_t tmp_t:dir read;

#============= postfix_showq_t ==============
allow postfix_showq_t tmp_t:dir read;

#============= postfix_smtp_t ==============
allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux