On Fri, 07 Nov 2008 09:06:41 +0100 "Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx> wrote: > Paul, > > --On 6. November 2008 12:09:45 +0000 Paul Howarth <paul@xxxxxxxxxxxx> > wrote: > > - snip - > > > > > The SELinux denials that you're hitting now are probably > > dontaudit-ed in pollcy. You can turn off the dontaudit rules using: > > > ># semodule -BD > > > > and turn them back on using: > > > ># semodule -B > > Thanks for helping, that was my problem. > > > > > Be careful with policy generated from audit logs with dontaudit > > rules turned off to ensure that what you're allowing is actually > > necessary and not just unrelated noise. > > I have tried to use only those denials that seemed related to my > problem (that means they contained "mailq" and "postqueue"). No I > have got this working. > > There is another two newbie questions if you allow: > - loading a module with semodule -i - is this permanent or temporary > regarding reboots? I did not find any hint in web docs and man pages > on that. > - since I have done this very careful step by step I now have lots > of .te and .pp files. Can I simply do ca "cat *.te > all.te" and > recompile it or is there a tool that generates a syntactically more > compact .te file? Not sure; all I do in such cases is merge together the "require" clauses at the top and then all of the allow rules/interface calls just follow on all together as if it was just one regular file. Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
