Jeff Coffler wrote:
Is this an SELinux policy problem? How can I go about fixing this?
I'd prefer to run with SELinux enabled ...
# grep postfix_spool /var/log/message | audit2allow -M postfixpickup
# semodule -i postfixpickup.pp
Will fix it for now.
I will update policy to allow searching of this directory
Hmm, this didn't work ...
[root jeff]# grep postfix_spool /var/log/messages | audit2allow -M
postfixpickup
Generating type enforcment file: postfixpickup.te
Compiling policy
checkmodule -M -m -o postfixpickup.mod postfixpickup.te
semodule_package -o postfixpickup.pp -m postfixpickup.mod
******************** IMPORTANT ***********************
In order to load this newly created policy package into the kernel,
you are required to execute
semodule -i postfixpickup.pp
[root jeff]# semodule -i postfixpickup.pp
slimserver homedir /usr/local/slimserver or its parent directory
conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.
[root jeff]# grep -i slim
/etc/selinux/targeted/contexts/files/file_contexts
[root jeff]#
I'm not sure why it's complaining about slimserver since there's no
"slim" in that file. I could deinstall that to do the semodule
command, then reinstall. Or I could wait until you guys push out the
next SELinux policy, then enable SELinux.
Suggestions?
Thanks!
-- Jeff
Is there a password entry for slimserver? If yes make sure it has a
shell of /sbin/nologin or /bin/false. Then you can run genhomedircon
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
