Le mardi 25 avril 2017 à 10:39 +0200, Robert Moskowitz a écrit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with mysql, nat.) > > thanks Quick’n’(really) dirty SELinux howto: 1) Run the service. fails due to missing selinux policy. 2) grep service_pattern /var/log/audit/audit.log | audit2allow -M myservice_policy 3) do what output says. (semodule -i myservice_policy.pp normally) 4) goto 1. That way, you’ll create and allow step by step necessary rights so your service ends up running normaly. The content I gave you is from mydovecot.te (human readable version of .pp created by audit2allow). After a quick look at audit2allow man, it looks like you can get .pp by doing: make -f /usr/share/selinux/devel/Makefile myservice_policy.pp (it’ll look after myservice_policy.te in PWD). HTH, -- Laurent Wandrebeck <l.wandrebeck@xxxxxxxxxxxxxxx> _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- From: Laurent Wandrebeck <l.wandrebeck@xxxxxxxxxxxxxxx>
- Date: Tue, 25 Apr 2017 10:58:08 +0200
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <d2fe72ba-ae73-1725-8fbd-c6d2939773fa@htt-consult.com>
- References: <d258efd8-7224-d1f2-a8f3-6517d0de2c26@htt-consult.com> <bb2c8563-ef99-82e3-e12c-dafb3b55e925@htt-consult.com> <1493108768.14481.19.camel@quelquesmots.fr> <d2fe72ba-ae73-1725-8fbd-c6d2939773fa@htt-consult.com>
- Follow-Ups:
- Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- From: Gordon Messmer
- Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- From: Robert Moskowitz
- Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- References:
- SELinux policy to allow Dovecot to connect to Mysql
- From: Robert Moskowitz
- NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- From: Robert Moskowitz
- Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- From: Laurent Wandrebeck
- Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- From: Robert Moskowitz
- SELinux policy to allow Dovecot to connect to Mysql
- Prev by Date: Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- Next by Date: Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- Previous by thread: Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- Next by thread: Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- Index(es):
 |