On 09/28/2015 10:34 PM, Bruno Wolff III wrote: > I have a problem in F23 (that wasn't in F22), where getmail (or its feed > into qmail) doesn't work in enforcing mode. I first tried using > audit2allow to whitelist all of the avcs. Could you attach them? There could be also a selinux_err message in audit.log. That didn't work. Then I used > semodule -DB in case there was a don't audit rule and then used > audit2allow again to get the data for a local semodule and it still > didn't work. I am seeing a user avc in the logs, that I suspect isn't > getting handled by audit2allow, but I am not sure how to say its OK or > change things so I don't hit it: > type=USER_AVC msg=audit(1443471901.485:584): pid=1 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission > stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? > addr=? terminal=?' > > I tried searching for some of the text, but I didn't find any relevant > references. > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
