Dirk H. Schulz wrote:
> Paul,
>
> --On 6. November 2008 12:09:45 +0000 Paul Howarth <paul@xxxxxxxxxxxx>
> wrote:
>
> - snip -
>
>>
>> The SELinux denials that you're hitting now are probably dontaudit-ed in
>> policy. You can turn off the dontaudit rules using:
>>
>> # semodule -BD
>>
>> and turn them back on using:
>>
>> # semodule -B
>
> Thanks for helping, that was my problem.
>
>>
>> Be careful with policy generated from audit logs with dontaudit rules
>> turned off to ensure that what you're allowing is actually necessary and
>> not just unrelated noise.
>
> I have tried to use only those denials that seemed related to my problem
> (that means they contained "mailq" and "postqueue"). Now I have got this
> working.
>
> There are another two newbie questions if you allow:
> - loading a module with semodule -i - is this permanent or temporary
> regarding reboots? I did not find any hint in web docs and man pages on
> that.

Yes, they are permanent.

> - since I have done this very carefully step by step I now have lots of
> .te and .pp files. Can I simply do ca "cat *.te > all.te" and recompile
> it or is there a tool that generates a syntactically more compact .te file?
>

Well, not exactly; you really can only have one policy_modules() line at the
top. So you can edit your all.te and it would work.

> Dirk
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
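Added example, not part of the original messages and not a tool from the SELinux project: one way to do the "edit your all.te" step from the reply above mechanically, by merging several audit2allow-style .te files into a single module with one header, one require block and combined allow rules. It assumes the inputs contain only headers, require blocks, comments and allow rules (anything else raises an error instead of being dropped) and writes the plain `module NAME VERSION;` header form; the function name, sample module names and the type `myapp_t` are constructed for illustration.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^\s*(module\s+\w+\s+[\d.]+\s*;|policy_module\(.*\))\s*$")
TYPE = re.compile(r"^\s*type\s+(\w+)\s*;")
CLASS = re.compile(r"^\s*class\s+(\w+)\s+\{?([^};]*)\}?\s*;")
ALLOW = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+\{?([^};]*)\}?\s*;")
SKIP = re.compile(r"^\s*(#.*|require\s*\{|\})?\s*$")  # comments, braces, blanks

def perms(names):
    names = sorted(names)
    return names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"

def merge_te(sources, name="all", version="1.0"):
    """Merge audit2allow-style .te texts into one module with one header."""
    types, classes, rules = set(), defaultdict(set), defaultdict(set)
    for text in sources:
        for line in text.splitlines():
            if HEADER.match(line) or SKIP.match(line):
                continue  # per-file headers are dropped; one is emitted below
            if m := TYPE.match(line):
                types.add(m.group(1))
            elif m := CLASS.match(line):
                classes[m.group(1)].update(m.group(2).split())
            elif m := ALLOW.match(line):
                rules[m.group(1, 2, 3)].update(m.group(4).split())
            else:  # never drop a statement silently
                raise ValueError(f"unhandled statement: {line.strip()}")
    out = [f"module {name} {version};", "", "require {"]
    out += [f"\ttype {t};" for t in sorted(types)]
    out += [f"\tclass {c} {perms(p)};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += [f"allow {s} {t}:{c} {perms(p)};"
            for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out) + "\n"

# Constructed sample inputs (myapp_t is a made-up type name).
SAMPLE_A = """module mypostqueue1 1.0;
require {
\ttype postfix_postqueue_t;
\ttype myapp_t;
\tclass fifo_file read;
}
#============= postfix_postqueue_t ==============
allow postfix_postqueue_t myapp_t:fifo_file read;
"""
SAMPLE_B = SAMPLE_A.replace("mypostqueue1", "mypostqueue2").replace(
    "read;", "{ getattr write };")

if __name__ == "__main__":
    print(merge_te([SAMPLE_A, SAMPLE_B]))
```

The merged text still has to be compiled and loaded with checkmodule, semodule_package and semodule -i, and the one-rule-per-line output makes it easier to check each allow rule against the warning about dontaudit noise before loading.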