On 01/18/2013 12:11 AM, Jean-David Beyer wrote:
I have been running Red Hat Enterprise Linux since 2004, starting with
RHEL 3. Later I upgraded to RHEL 5. When I needed a new computer, I got
RHEL 6 to run on it.
RHEL 6 runs with SELinux turned on by default and it is presenting me
with one problem, but my /var/log/messages file indicates I have _a lot_
of others.
Now according to Red Hat's documentation, I should report these as bugs,
but that seems a bit extreme if it is just a misconfiguration problem.
Missing Type Enforcement rules are usually caused by bugs in SELinux
policy, and should be reported in Red Hat Bugzilla. For Red Hat
Enterprise Linux, create bugs against the Red Hat Enterprise Linux
product, and select the selinux-policy component. Include the output
of the audit2allow -w -a and audit2allow -a commands in such bug
reports.
Should I really do that? And if so, just how? How do I specify the
problem in a way to be useful?
One problem is that I have a shell script, run by cron, that sends an
email with mailx to me (on the same machine). That means it is run by
root. And the mail fails when cron runs it. It is adding an attachment
and SELinux says it is denied. Now when I run it myself, but logged in
as root, the e-mail works. I do not specifically want to solve that
problem here, but I do need to know how to change the system policy file,
wherever it is, so I do not need to continually make little ones, say by
running stuff like this:
# grep boinc_client /var/log/audit/audit.log | audit2allow -M myboinc
# semodule -i myboinc.pp
I also wish to make the changes, if they are really required, permanent.
Any advice?
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Hi,
I believe we should collect all AVC msgs. Could you execute
# semanage permissive -a system_mail_t
which will make the domain permissive. So nothing will be denied and
we will see AVC msgs in /var/log/audit/audit.log. Also I believe the
local policy is better than a rebuild of the policy package.
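Once system_mail_t is permissive and the cron job has run, the AVC records it leaves in /var/log/audit/audit.log can be grouped by source type, target type and object class to see everything the job touched in one pass. The following is an added example, not part of the original thread: the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not from the poster's system).
# AVC records still say "denied" when the domain is permissive.
SAMPLE_LOG = """\
type=AVC msg=audit(1358500001.101:610): avc:  denied  { read } for  pid=4021 comm="sendmail" name="report.txt" dev=dm-0 ino=1311 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1358500001.101:611): avc:  denied  { open } for  pid=4021 comm="sendmail" name="report.txt" dev=dm-0 ino=1311 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1358500001.102:612): avc:  denied  { getattr } for  pid=4021 comm="sendmail" path="/root/report.txt" dev=dm-0 ino=1311 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1358500001.100:609): avc:  denied  { search } for  pid=4021 comm="sendmail" name="root" dev=dm-0 ino=1300 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=AVC msg=audit(1358500002.200:620): avc:  denied  { read } for  pid=3900 comm="boinc_client" name="stat" dev=proc ino=4026 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=SYSCALL msg=audit(1358500001.101:610): arch=c000003e syscall=2 success=yes exit=3 comm="sendmail"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)"
)

def selinux_type(context):
    """Return the type field (third of user:role:type:level) of a context."""
    return context.split(":")[2]

def collect_denials(log_text, domain=None):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (SYSCALL, PATH, ...)
        src = selinux_type(m.group("s"))
        if domain and src != domain:
            continue  # keep only the domain under investigation
        key = (src, selinux_type(m.group("t")), m.group("c"))
        denials[key].update(m.group("perms").split())
    return dict(denials)

def as_rules(denials):
    """Render the grouped denials as allow-rule text for human review."""
    return [
        "allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
        for (s, t, c), p in sorted(denials.items())
    ]

if __name__ == "__main__":
    for rule in as_rules(collect_denials(SAMPLE_LOG, "system_mail_t")):
        print(rule)
```

The rule text is for reading and for attaching to a bug report next to the audit2allow output; review each line before loading anything built from it.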