On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a custom policy consisting of the > following? > > grep avc /var/log/audit/audit.log | audit2allow > > > #============= amavis_t ============== > allow amavis_t shell_exec_t:file execute; > allow amavis_t sysfs_t:dir search; > > #============= clamscan_t ============== > allow clamscan_t amavis_spool_t:dir read; In the latest rhel6 policies amavas_t and clamscan_t have been merged into antivirus_t? Is you selinux-policy up 2 date? > #============= logwatch_mail_t ============== > allow logwatch_mail_t usr_t:lnk_file read; > > #============= postfix_master_t ============== > allow postfix_master_t tmp_t:dir read; > > #============= postfix_postdrop_t ============== > allow postfix_postdrop_t tmp_t:dir read; > > #============= postfix_showq_t ============== > allow postfix_showq_t tmp_t:dir read; Any reason postfix would be listing the contents of /tmp or /var/tmp? Did you put some content into these directories that have something to do with mail? > #============= postfix_smtp_t ============== > allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr }; > > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos