Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql




On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote:
> Thanks Laurent.  You obviously know a LOT more about SELinux than I.  I 
> pretty much just use commands and not build policies.  So I need some 
> more information here.
> 
>  From what you provided below, how do I determine what is currently in 
> place and how do I add your stuff (changing postgresql with mysql, nat.)
> 
> thanks

Quick’n’(really) dirty SELinux howto:
1) Run the service. It fails due to missing SELinux policy.
2) grep service_pattern /var/log/audit/audit.log | audit2allow -M myservice_policy
3) Do what the output says (semodule -i myservice_policy.pp normally).
4) Goto 1. That way, you’ll create and allow step by step the necessary
rights so your service ends up running normally.

The content I gave you is from mydovecot.te (human readable version
of .pp created by audit2allow).

After a quick look at the audit2allow man page, it looks like you can get the .pp by
doing:
make -f /usr/share/selinux/devel/Makefile myservice_policy.pp
(it’ll look for myservice_policy.te in PWD).

HTH,
-- 
Laurent Wandrebeck <l.wandrebeck@xxxxxxxxxxxxxxx>

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
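
Added example (not part of Laurent's message and not CentOS or audit2allow code): a Python script that groups the AVC denials step 2 would pipe into audit2allow, so the rights about to be granted can be read before step 3 loads the module. The log lines, the `dovecot_auth_t` filter and all function names are constructed for illustration; the rendering imitates `.te` allow syntax and is not audit2allow's own output.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the thread); types are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1493109540.101:456): avc:  denied  { name_connect } for  pid=1234 comm="auth" dest=3306 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1493109541.202:457): avc:  denied  { write } for  pid=1234 comm="auth" name="mysql.sock" dev="dm-0" ino=99 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1493109542.303:458): avc:  denied  { connectto } for  pid=1234 comm="auth" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1493109543.404:459): avc:  denied  { name_connect } for  pid=1240 comm="auth" dest=3306 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1493109543.404:459): arch=c000003e syscall=42 success=no exit=-13 comm="auth"
type=AVC msg=audit(1493109544.505:460): avc:  denied  { getattr } for  pid=2000 comm="httpd" path="/home/u/index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?"
    r"scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)")

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize_denials(log_text, source_type=None):
    """Group AVC denials into {(source, target, class): set(perms)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not line.startswith("type=AVC") or not m:
            continue  # skip SYSCALL and other non-AVC records
        src, tgt = selinux_type(m["s"]), selinux_type(m["t"])
        if source_type and src != source_type:
            continue  # denial belongs to another domain; do not allow it here
        rules[(src, tgt, m["cls"])].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render the grouped denials in .te 'allow' syntax for review."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = " ".join(sorted(perms))
        out.append(f"allow {src} {tgt}:{cls} {{ {p} }};" if len(perms) > 1
                   else f"allow {src} {tgt}:{cls} {p};")
    return out

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize_denials(SAMPLE_LOG, "dovecot_auth_t"))))
```

Filtering on the source type keeps an unrelated denial (the constructed `httpd_t` line) out of the module, which a loose grep pattern in step 2 would not.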



