Thanks Laurent. You obviously know a LOT more about SELinux than I. I
pretty much just use commands and do not build policies. So I need some
more information here.

From what you provided below, how do I determine what is currently in
place and how do I add your stuff (changing postgresql with mysql, nat.)?

Thanks

On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote:
On Tuesday, 25 April 2017 at 10:04 +0200, Robert Moskowitz wrote:
I thought I had this fixed, but I do not. I was away from this problem
working on other matters, and came back (after a reboot) and it is still
there, so I suspect when I thought I had it 'fixed' I was running with
setenforce 0 from another problem (that is fixed).
So anyone know how to get dovecot dict connecting to mysql when
enforcing? Googling is not finding any real help.
Hi,
I’ve got some « tweaking » here (using postgresql, obviously) so that
dovecot runs properly with SELinux enabled,
HTH,
Laurent.

module mydovecot 1.0;

require {
        type dovecot_auth_t;
        type postgresql_port_t;
        type dovecot_t;
        type var_t;
        type postfix_virtual_tmp_t;
        class tcp_socket name_connect;
        class file { rename read lock create write getattr link unlink open append };
        class dir { read write create add_name remove_name };
}

#============= dovecot_auth_t ==============

#!!!! This avc is allowed in the current policy
allow dovecot_auth_t postgresql_port_t:tcp_socket name_connect;

#============= dovecot_t ==============

#!!!! This avc is allowed in the current policy
allow dovecot_t postfix_virtual_tmp_t:file { rename write unlink open link };
allow dovecot_t var_t:dir create;

#!!!! This avc is allowed in the current policy
allow dovecot_t var_t:dir { read write add_name remove_name };

#!!!! This avc is allowed in the current policy
allow dovecot_t var_t:file { rename read lock create write getattr link unlink open append };

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
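
An added example, not part of the original thread: one way to see what is currently in place and to load a MySQL variant of the name_connect rule from the module above. It assumes the MySQL port is labelled mysqld_port_t (check with `semanage port -l | grep mysql`), that the denied domain matches what the AVC denials report (dovecot_auth_t is only the default taken from the module above), and the module name mydovecot_mysql is hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: mysqld_port_t labels the MySQL port, and the
# module name "mydovecot_mysql" is hypothetical.

# Print a minimal type-enforcement module that lets one domain connect to
# the MySQL port type. $1 = source domain; default dovecot_auth_t as in the
# module quoted above. Confirm the real domain from your own AVC denials.
make_mysql_te() {
    domain="${1:-dovecot_auth_t}"
    cat <<EOF
module mydovecot_mysql 1.0;

require {
    type ${domain};
    type mysqld_port_t;
    class tcp_socket name_connect;
}

allow ${domain} mysqld_port_t:tcp_socket name_connect;
EOF
}

# What is currently in place: loaded dovecot-related modules, recent
# denials rendered as candidate rules, and whether the rule already exists.
show_current() {
    semodule -l | grep -i dovecot
    ausearch -m avc -ts recent | grep dovecot | audit2allow
    sesearch -A -s "${1:-dovecot_auth_t}" -t mysqld_port_t -c tcp_socket
}

# Compile, package and load the module (run as root).
build_and_load() {
    make_mysql_te "${1:-}" > mydovecot_mysql.te &&
    checkmodule -M -m -o mydovecot_mysql.mod mydovecot_mysql.te &&
    semodule_package -o mydovecot_mysql.pp -m mydovecot_mysql.mod &&
    semodule -i mydovecot_mysql.pp
}

# Usage: script.sh print|show|install [source_domain]
case "${1:-}" in
    print)   make_mysql_te "${2:-}" ;;
    show)    show_current "${2:-}" ;;
    install) build_and_load "${2:-}" ;;
esac
```

`semodule -r mydovecot_mysql` removes the module again if the rule turns out not to be the one that was needed.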