> On Fri, May 19, 2006 at 12:13:15PM -0500, Hongwei Li wrote:
>>
>> The problem is I need to re-do for local.te from time to time, and whenever I
>> run (after rebooting)
>> # audit2allow -M local < /var/log/audit/audit.log
>> the line
>>
>> allow httpd_t shadow_t:file { getattr read write };
>>
>> is automatically added to local.te -- [...]
>> How to fix the problem?
>
> How about something like this?
>
> audit2allow -l -i /var/log/audit/audit.log | grep -v shadow >> local.te
>
> --
> Kayvan A. Sylvan | Proud husband of | Father to my kids:
> Sylvan Associates, Inc. | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)

I did and got:

# audit2allow -l -i /var/log/audit/audit.log | grep -v shadow >> local.te
# checkmodule -M -m -o local.mod local.te
checkmodule: loading policy configuration from local.te
(unknown source)::ERROR 'unknown type dovecot_auth_t' at token ';' on line 33:
allow procmail_t tmp_t:dir { search write };
allow dovecot_auth_t initrc_var_run_t:file { read write };
checkmodule: error(s) encountered while parsing configuration

I manually edited local.te to add a line

type dovecot_auth_t;

and ran it again, then got

# checkmodule -M -m -o local.mod local.te
checkmodule: loading policy configuration from local.te
(unknown source)::ERROR 'unknown type initrc_var_run_t' at token ';' on line 34:
allow procmail_t tmp_t:dir { search write };
allow dovecot_auth_t initrc_var_run_t:file { read write };
checkmodule: error(s) encountered while parsing configuration

Line 34 is:

allow dovecot_auth_t initrc_var_run_t:file { read write };

What to do next?

Thanks!

Hongwei

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
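
Added example, not part of the original thread and not audit2allow's own code: checkmodule reports "unknown type" for any type used in an allow rule that the module's require block does not declare, which is what happens when bare rules are appended to local.te with `>>`. The sketch below rebuilds a complete module source from allow rules, declaring every type and class it uses, dropping any rule that touches shadow_t and merging duplicates; the function name `build_module`, its parameters and the sample input are assumptions made for illustration.

```python
import re

# Matches "allow src tgt:class { perms };" and the single-permission form.
RULE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")

# Constructed input: the three allow rules quoted in the thread.
SAMPLE = """\
allow httpd_t shadow_t:file { getattr read write };
allow procmail_t tmp_t:dir { search write };
allow dovecot_auth_t initrc_var_run_t:file { read write };
"""

def build_module(rules_text, name="local", version="1.0", deny_types=("shadow_t",)):
    """Return complete module source: header, require block, merged allow rules."""
    rules = {}  # (source, target, class) -> set of permissions
    for line in rules_text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # comments, blank lines, stale module/require lines
        src, tgt, cls, braced, single = m.groups()
        if src in deny_types or tgt in deny_types:
            continue  # never grant access involving a denied type
        perms = braced if braced is not None else single
        rules.setdefault((src, tgt, cls), set()).update(perms.split())

    types, classes = set(), {}
    for (src, tgt, cls), perms in rules.items():
        types.update(t for t in (src, tgt) if t != "self")  # "self" is a keyword
        classes.setdefault(cls, set()).update(perms)

    out = [f"module {name} {version};", "", "require {"]
    out += [f"\ttype {t};" for t in sorted(types)]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_module(SAMPLE), end="")
```

Review the generated rules before compiling the output with checkmodule; filtering shadow_t only keeps that one grant out, it does not judge whether the remaining rules are appropriate.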