Sebastian Hennebrueder wrote:
> Hello,
> thank you for the nice solution you provided with SELinux.
>
> I have two issues:
>
> 1)
> I use CentOS 5.2 which clones Red Hat Enterprise Linux. I use the
> targeted policy.
>
> Postfix and dovecot share the certificates. I solved the problem in a
> way that I copied the certificates and set the corresponding context.
> I don't like this approach. Alternatively I can use the normal
> audit2allow approach to allow postfix access to dovecot or vice versa
> but I would like not to give them this right.
> The best solution is to create a new context which can be accessed by
> both domains.
> With the new module approach, how do I start to write a new context
> type? It is probably simple but I don't find the way to start by reading
> the documentation on the net.
>
> 2)
> I am actually a Java developer running my own Linux server, so I am far
> away from being a Linux expert.
> My feeling is that the documentation is really hard to follow.
>
> It was hard to find out how to interpret the audit.log. The only
> location to explain the different attributes seems to be
> http://seedit.sourceforge.net/doc/access_vectors/
> But still some documented log entries would be fine, e.g. what does a
> socket connect require, what does a search for the config file in /etc
> require, ...
>
> I found the tip to use sealert -a on the
> http://wiki.centos.org/HowTos/SELinux
>
> I found the statement do 'cat audit.log | audit2allow ...' but don't
> trust the result somewhere. But well, if I shouldn't trust, I would
> appreciate to analyse as well.
>
> Your wiki does note
> http://people.redhat.com/dwalsh/SELinux/Presentations/ManageRHEL5.pdf
> which is a good resource after having understood the basics.
>
> The next page told me about sesearch, which is a very important tool IMHO.
> http://www.durchmesser.ch/wiki/SELinux
>
> I still have no idea how to find information on the different macros
> which were noted somewhere.
>
> From my beginner point of view, I noted my steps and resources on my
> blog at http://www.laliluna.de/blog/
>
> To summarize, I would appreciate a somehow more centralized complete
> documentation, much more oriented to practical use cases.
>
> Best Regards
>
> Sebastian
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Sebastian, I answered in my blog:

http://danwalsh.livejournal.com/24147.html