On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
>
> I know that F8 is no longer supported, but I would like
> to know the steps to add my own "pass through" for
> the milter-graylist milter. I basically cannot start sendmail
> without the allowing AVC on the milter's socket.
>
> From: /var/log/audit/audit.log, I have:
>
> type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for
> pid=30048 comm="sendmail"
> path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3
> ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0
> tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
>
> Thanks!
> Dan
Do you have the milter module installed (i suspect not):
> $ semodule -l | grep milter
> milter 1.2.0
If you do not have it installed, then i guess you would need to back
port it to f8 and install it there.
Then allow sendmail to (atleast) get attributes of milter pid sockets.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
