Re: What to do when a selinux policy doesn't work?




On Feb 26, 2021, at 17:16, hw <hw@xxxxxxxx> wrote:
> Ejabberd is supposed to expire files when they are older than desired, and selinux prevents it.  How can I solve this problem other than by disabling selinux or by deleting the files manually?

It’s possible that you are only capturing part of the process, such as a stat() before unlink(), so it still fails.  You need to capture the entire process.

Temporarily set it to permissive (setenforce Permissive) and let it do what it does (is there a way to force it?). Then you should use ausearch to find the AVCs over the time period when it ran, and pipe that into audit2allow.

HOWEVER...

There’s probably a better solution than blindly creating a module.  You need to figure out what the correct SELinux attribute to put on the directory is, so you don’t need a module.

—
Jonathan Billings
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
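
The capture check described in the reply above, as an added example that is not part of the original message: it groups AVC records by source type, target type and class, so you can see whether the permissive-mode run logged the whole operation (the unlink and the directory permissions) and not only an early stat(). The names `summarize_avc` and `SAMPLE_AVC`, the paths, and the types `example_daemon_t` and `example_data_t` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample AVC records (placeholder types and paths, not real policy).
SAMPLE_AVC='type=AVC msg=audit(1614377760.101:901): avc:  denied  { getattr } for  pid=4242 comm="example" path="/srv/example/upload/a.bin" dev="dm-0" ino=11 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file permissive=1
type=AVC msg=audit(1614377760.102:902): avc:  denied  { write remove_name } for  pid=4242 comm="example" name="a.bin" dev="dm-0" ino=11 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1614377760.103:903): avc:  denied  { unlink } for  pid=4242 comm="example" name="a.bin" dev="dm-0" ino=11 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file permissive=1'

# Read AVC records on stdin; print one line per (source type, target type,
# class) followed by the comma-separated union of denied permissions.
summarize_avc() {
  awk '
    /avc: +denied/ {
      s = ""; t = ""; c = ""
      # The denied permissions sit between the first "{" and "}".
      b = index($0, "{"); e = index($0, "}")
      perms = substr($0, b + 1, e - b - 1)
      for (i = 1; i <= NF; i++) {
        # Contexts are user:role:type:level; field 3 is the type.
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      key = s " " t " " c
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++)
        if (!seen[key, p[j]]++)
          list[key] = list[key] (list[key] ? "," : "") p[j]
    }
    END { for (k in list) print k, list[k] }
  ' | sort
}

# Demo on the constructed records. On a real host, feed it the audit log
# for the window in which the expiry job ran, for example:
#   ausearch -m AVC -ts recent | summarize_avc
# If only getattr shows up, the run was not captured in full. Once unlink
# and the directory permissions are listed, the same ausearch output can
# be piped into audit2allow for review.
printf '%s\n' "$SAMPLE_AVC" | summarize_avc
```

The target type column is also the starting point for the labelling question raised at the end of the reply: it shows which label the files and directory currently carry.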



