Re: Postfix avc (SELinux)




On 12/04/2014 03:22 PM, James B. Byrne wrote:
> On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>> Re: SELinux. Do I just build a local policy or is there some boolean setting
>> needed to handle this?  I could not find one if there is but. . .
>>
> Anyone see any problem with generating a custom policy consisting of the
> following?
>
> grep avc /var/log/audit/audit.log | audit2allow
>
>
> #============= amavis_t ==============
> allow amavis_t shell_exec_t:file execute;
> allow amavis_t sysfs_t:dir search;
>
> #============= clamscan_t ==============
> allow clamscan_t amavis_spool_t:dir read;
In the latest rhel6 policies amavis_t and clamscan_t have been merged
into antivirus_t?  Is your selinux-policy up to date?
> #============= logwatch_mail_t ==============
> allow logwatch_mail_t usr_t:lnk_file read;
>
> #============= postfix_master_t ==============
> allow postfix_master_t tmp_t:dir read;
>
> #============= postfix_postdrop_t ==============
> allow postfix_postdrop_t tmp_t:dir read;
>
> #============= postfix_showq_t ==============
> allow postfix_showq_t tmp_t:dir read;
Any reason postfix would be listing the contents of /tmp or /var/tmp?
Did you put some content into these directories that has something to
do with mail?
> #============= postfix_smtp_t ==============
> allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };
>
>

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
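
A review aid for the audit2allow output discussed in this message, added here as an example and not part of the original thread: it parses the generated rules and separates those whose target is a generic type (such as the tmp_t rules the reply questions) from those scoped to a service-specific type. The GENERIC_TARGETS list and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the audit2allow rules quoted in the message above.
SAMPLE = """\
#============= amavis_t ==============
allow amavis_t shell_exec_t:file execute;
allow amavis_t sysfs_t:dir search;
#============= clamscan_t ==============
allow clamscan_t amavis_spool_t:dir read;
#============= logwatch_mail_t ==============
allow logwatch_mail_t usr_t:lnk_file read;
#============= postfix_master_t ==============
allow postfix_master_t tmp_t:dir read;
#============= postfix_postdrop_t ==============
allow postfix_postdrop_t tmp_t:dir read;
#============= postfix_showq_t ==============
allow postfix_showq_t tmp_t:dir read;
#============= postfix_smtp_t ==============
allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };
"""

# Assumption: types shared by many unrelated files, so a rule on one of them
# grants more than the single denied access. Adjust to the local policy.
GENERIC_TARGETS = {"tmp_t", "usr_t", "sysfs_t", "shell_exec_t"}

RULE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse_rules(text):
    """Return (source, target, tclass, frozenset(perms)) for each allow rule."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            src, tgt, cls, multi, single = m.groups()
            rules.append((src, tgt, cls, frozenset((multi or single).split())))
    return rules

def review(text):
    """Split rules into generic-target ones (keyed by target) and scoped ones."""
    flagged, scoped = defaultdict(list), []
    for rule in parse_rules(text):
        if rule[1] in GENERIC_TARGETS:
            flagged[rule[1]].append(rule)
        else:
            scoped.append(rule)
    return dict(flagged), scoped

if __name__ == "__main__":
    flagged, scoped = review(SAMPLE)
    for tgt, rules in sorted(flagged.items()):
        print(f"{tgt}: question before allowing -> {sorted(r[0] for r in rules)}")
    print(f"{len(scoped)} rule(s) target a service-specific type")
```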



