On 11/22/2010 02:07 PM, Vadym Chepkov wrote:
> Hi,
>
> I just upgraded to Fedora 14 and got a significant amount of all sort of denials.
> I thought maybe some relabeling went wrong - so I did it manually, just in case, didn't help much, still lots of issues.
> I tried to post raw audit log, but got bounced from mail-list with "message too big"
>
> Anyway, here is what audit2allow -R suggests
>
> #============= chkpwd_t ==============
> allow chkpwd_t self:capability sys_nice;
> allow chkpwd_t self:process setsched;
> files_list_tmp(chkpwd_t)
> files_read_usr_symlinks(chkpwd_t)
>
> #============= dovecot_auth_t ==============
> allow dovecot_auth_t self:capability sys_nice;
> allow dovecot_auth_t self:process setsched;
>
> #============= dovecot_t ==============
> allow dovecot_t self:capability sys_nice;
> files_read_usr_symlinks(dovecot_t)
> #============= nscd_t ==============
> files_list_tmp(nscd_t)
> files_read_usr_symlinks(nscd_t)
>
> #============= saslauthd_t ==============
> allow saslauthd_t self:capability sys_nice;
> allow saslauthd_t self:process setsched;
> files_read_usr_symlinks(saslauthd_t)
>
> #============= spamd_t ==============
> allow spamd_t admin_home_t:file { read ioctl open getattr append }; # spammers send e-mails to root@ , spamd needs to create working files in /root/
> allow spamd_t self:capability sys_nice;
> kernel_list_unlabeled(spamd_t) # razor and pyzor contexts gone
> kernel_read_unlabeled_state(spamd_t) # same
> userdom_read_user_home_content_files(spamd_t) # changed boolean spamd_enable_home_dirs
>
> Thanks,
> Vadym
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Vadym,
are you still getting all these AVC messages?
Some of these issues are known and some of these issues should be fixed
in the latest SELinux policy.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
