"David Highley wrote:"
>
> module myprocmail 1.0;
>
> require {
> type quota_db_t;
> type etc_aliases_t;
> type procmail_t;
> type admin_home_t;
> type spamc_t;
> type shadow_t;
> class file { getattr read open append lock };
> class dir { getattr read open write };
> class capability { dac_read_search dac_override };
> }
>
> #============= procmail_t ==============
> allow procmail_t etc_aliases_t:file { getattr read open };
> allow procmail_t quota_db_t:file { getattr append open lock };
> allow procmail_t admin_home_t:dir write;
> allow procmail_t admin_home_t:file open;
> allow spamc_t self:capability { dac_read_search dac_override };
> allow spamc_t shadow_t:file read;

[Editor's note: the two spamc_t rules are the sensitive part of this module. They let the spamc_t domain bypass ordinary file-permission checks (dac_override, dac_read_search) and read files labelled shadow_t, so each should be traced back to the denial that prompted it before the module is loaded. The admin_home_t rules likewise suggest procmail is touching files under root's home directory, which is worth confirming.]

>
>
> Then every time we do a restorecon -vR for a home directory we get the
> following, and if you repeat the command you will get the same output.
> We did run semanage fcontext -a -e /home /export/home, so SELinux knows
> that this is a home directory structure for NFS automounting.
>
> restorecon -vR /export/home/chighley
> restorecon reset /export/home/chighley/.pyzor context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:pyzor_home_t:s0
> restorecon reset /export/home/chighley/.pyzor/servers context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:pyzor_home_t:s0
> restorecon reset /export/home/chighley/.razor context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/identity context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/razor-agent.log context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c101.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c102.cloudmark.com.conf context >
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c103.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c104.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c105.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c118.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c121.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c122.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c123.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c301.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c302.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c303.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c304.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset >
/export/home/chighley/.razor/server.c305.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.folly.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.joy.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n001.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n002.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n003.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n004.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.catalogue.lst
> context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.discovery.lst
> context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.nomination.lst
> context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.catalogue.lst.lock
> context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/servers.nomination.lst.lock context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:razor_home_t:s0
> --
> selinux mailing list >
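selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>

Another thing we just noticed in sending this email: the sent file did not get a copy of it. (The mail was sent by elm; I know it's ancient, but it's lightweight across the wide network.) No AVC was thrown, so we suspect we're not seeing all the issues.

[Editor's note: denials matched by dontaudit rules are not logged. Running `semodule -DB` rebuilds the policy with dontaudit rules disabled so those denials appear in the audit log, and `semodule -B` restores the normal policy afterwards.]

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux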