Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql




Thanks for the advice.  Will see what I can get done this evening.

On 04/26/2017 06:27 PM, Gordon Messmer wrote:
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
But the policy generates errors. I will have to submit a bug report, it seems.


A bug report would probably be helpful.

I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need to turn on debugging (logging the otherwise silent AVCs) to figure this out, in order to provide information that the maintainers can use to actually fix the problem.

So, similar to the previous process:

1: semodule -DB
2: setenforce permissive
3: tail -f /var/log/audit/audit.log | grep AVC
4: use the service, exercise each function that's constrained by the existing policy
5: copy and paste the output from the terminal used for #2 into "audit2allow -M <modulename>"
6: setenforce enforcing
7: semodule -B

You'll want to do this with your custom policy installed. In the terminal that's following audit.log, you should now see AVCs logged that you didn't before. Please send them to the list.

If you're only interested in resolving your problem, it should be sufficient to build one new module with the AVCs logged here. If you want to produce a useful bug report and fix the problem for the future, for everyone, you need to first get back into enforcing mode and THEN build a new module with each individual AVC, installing each one and then testing dovecot, until you resolve the problem, and then removing all of the other new modules until you confirm that you've found one (or a minimal combination) of rules that is causing dovecot to crash and log a backtrace.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
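
The per-AVC module procedure described in the quoted message starts by splitting the logged denials into distinct ones. The following is an added example, not part of the original thread: it groups AVC records so each distinct denial can be fed to `audit2allow -M` as its own module. The sample log lines and the `dovecotdbg` module prefix are constructed for illustration.

```python
import re

# Constructed sample audit.log lines for illustration; not taken from the thread.
SAMPLE_LOG = """\
type=AVC msg=audit(1493250000.101:501): avc:  denied  { name_connect } for  pid=2101 comm="auth" dest=3306 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1493250001.202:502): avc:  denied  { name_connect } for  pid=2102 comm="auth" dest=3306 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1493250002.303:503): avc:  denied  { read write } for  pid=2103 comm="dovecot" name="example.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1493250002.303:503): arch=c000003e syscall=42 success=no exit=-13
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Extract the type field from a user:role:type[:level] context."""
    return context.split(":")[2]

def distinct_denials(log_text):
    """Group raw AVC lines by (source type, target type, class, permissions)."""
    groups = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # skip SYSCALL and other non-denial records
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]),
               m["tclass"], tuple(sorted(m["perms"].split())))
        groups.setdefault(key, []).append(line)
    return groups

def module_plan(log_text, prefix="dovecotdbg"):
    """Return (module name, equivalent allow rule, raw lines) per distinct denial."""
    plan = []
    for i, (key, lines) in enumerate(distinct_denials(log_text).items(), 1):
        src, tgt, tclass, perms = key
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        plan.append((f"{prefix}{i:02d}", f"allow {src} {tgt}:{tclass} {perm_text};", lines))
    return plan

if __name__ == "__main__":
    for name, rule, lines in module_plan(SAMPLE_LOG):
        # Each group's raw lines are the input for: audit2allow -M <name>
        print(f"{name}: {rule}  ({len(lines)} record(s))")
```

Installing the resulting modules one at a time, and testing dovecot after each, narrows down which rule is involved.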




