Hi,
I just upgraded to Fedora 14 and got a significant amount of all sort of denials.
I thought maybe some relabeling went wrong - so I did it manually, just in case, didn't help much, still lots of issues.
I tried to post raw audit log, but got bounced from mail-list with "message too big"
Anyway, here is what audit2allow -R suggests
#============= chkpwd_t ==============
allow chkpwd_t self:capability sys_nice;
allow chkpwd_t self:process setsched;
files_list_tmp(chkpwd_t)
files_read_usr_symlinks(chkpwd_t)
#============= dovecot_auth_t ==============
allow dovecot_auth_t self:capability sys_nice;
allow dovecot_auth_t self:process setsched;
#============= dovecot_t ==============
allow dovecot_t self:capability sys_nice;
files_read_usr_symlinks(dovecot_t)
#============= nscd_t ==============
files_list_tmp(nscd_t)
files_read_usr_symlinks(nscd_t)
#============= saslauthd_t ==============
allow saslauthd_t self:capability sys_nice;
allow saslauthd_t self:process setsched;
files_read_usr_symlinks(saslauthd_t)
#============= spamd_t ==============
allow spamd_t admin_home_t:file { read ioctl open getattr append }; # spammers send e-mails to root@ , spamd needs to create working files in /root/
allow spamd_t self:capability sys_nice;
kernel_list_unlabeled(spamd_t) # razor and pyzor contexts gone
kernel_read_unlabeled_state(spamd_t) # same
userdom_read_user_home_content_files(spamd_t) # changed boolean spamd_enable_home_dirs
Thanks,
Vadym
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
