Just to follow up with a summary on this . . .
Followed the email HowTo on the CentOS wiki by installing postfix,
dovecot, postgrey, amavisd and setting up SSL/TLS.
Set SELinux to permissive, targeted.
Sent many, many emails with attachments, spam, etc. to & from the box.
Removed previous selinux entries from audit.log.
The new policy was extracted with

    cat new_audit.log|audit2allow -m local

    module local 1.0;

    require {
            type traceroute_port_t;
            type amavis_t;
            type postfix_spool_t;
            type clamd_t;
            type amavis_var_lib_t;
            type sysctl_kernel_t;
            type var_t;
            type postfix_smtpd_t;
            type initrc_t;
            type proc_t;
            class unix_stream_socket connectto;
            class file { read getattr };
            class sock_file write;
            class lnk_file { read create unlink getattr };
            class udp_socket name_bind;
            class dir { read search };
    }

    #============= amavis_t ==============
    allow amavis_t amavis_var_lib_t:lnk_file { read create unlink getattr };
    allow amavis_t traceroute_port_t:udp_socket name_bind;

    #============= clamd_t ==============
    allow clamd_t proc_t:file { read getattr };
    allow clamd_t sysctl_kernel_t:dir search;
    allow clamd_t sysctl_kernel_t:file read;
    allow clamd_t var_t:dir read;
    allow clamd_t var_t:file { read getattr };

    #============= postfix_smtpd_t ==============
    allow postfix_smtpd_t initrc_t:unix_stream_socket connectto;
    allow postfix_smtpd_t postfix_spool_t:sock_file write;

Put the policy into effect with

    cat new_audit.log|audit2allow -M local
    semodule -i local.pp
Ran through all the same email tests.
SELinux has not complained - yet.
--
Toby Bluhm
Alltech Medical Systems America, Inc.
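
Added example, not part of the original post: a small reviewer's script that parses the allow rules audit2allow generated and lists the ones whose target is a generic type, so they can be checked before running semodule -i. The GENERIC_TYPES table and the function names are assumptions of this example; the sample rules are copied from the module in the post.

```python
import re

# Constructed sample: the allow rules from the module shown in the post.
SAMPLE_TE = """\
#============= amavis_t ==============
allow amavis_t amavis_var_lib_t:lnk_file { read create unlink getattr };
allow amavis_t traceroute_port_t:udp_socket name_bind;
#============= clamd_t ==============
allow clamd_t proc_t:file { read getattr };
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow clamd_t var_t:dir read;
allow clamd_t var_t:file { read getattr };
#============= postfix_smtpd_t ==============
allow postfix_smtpd_t initrc_t:unix_stream_socket connectto;
allow postfix_smtpd_t postfix_spool_t:sock_file write;
"""

# Assumption (reviewer's choice, not from the post): target types that usually
# point at a mislabeled file or a daemon running without its own domain.
GENERIC_TYPES = {
    "var_t": "generic /var label; check the file contexts before allowing",
    "initrc_t": "peer runs in the init-script domain, not a confined one",
}

RULE_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def parse_rules(te_text):
    """Return (source, target, class, [perms]) for each allow rule."""
    rules = []
    for line in te_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # comments, require block, blank lines
        src, tgt, cls, perms = m.groups()
        rules.append((src, tgt, cls, perms.strip("{} ").split()))
    return rules

def review(te_text):
    """Return the rules whose target type is in GENERIC_TYPES, with the reason."""
    return [(s, t, c, p, GENERIC_TYPES[t])
            for s, t, c, p in parse_rules(te_text) if t in GENERIC_TYPES]

if __name__ == "__main__":
    for s, t, c, p, why in review(SAMPLE_TE):
        print(f"REVIEW allow {s} {t}:{c} {{ {' '.join(p)} }}  # {why}")
```

On the module above this lists the two clamd_t rules on var_t and the postfix_smtpd_t connectto rule on initrc_t.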