Paul,
--On 6. November 2008 12:09:45 +0000 Paul Howarth <paul@xxxxxxxxxxxx> wrote:
- snip -
The SELinux denials that you're hitting now are probably dontaudit-ed in
pollcy. You can turn off the dontaudit rules using:
# semodule -BD
and turn them back on using:
# semodule -B
Thanks for helping, that was my problem.
Be careful with policy generated from audit logs with dontaudit rules
turned off to ensure that what you're allowing is actually necessary and
not just unrelated noise.
I have tried to use only those denials that seemed related to my problem
(that means they contained "mailq" and "postqueue"). No I have got this
working.
There is another two newbie questions if you allow:
- loading a module with semodule -i - is this permanent or temporary
regarding reboots? I did not find any hint in web docs and man pages on
that.
- since I have done this very careful step by step I now have lots of .te
and .pp files. Can I simply do ca "cat *.te > all.te" and recompile it or
is there a tool that generates a syntactically more compact .te file?
Dirk
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
