Re: Newbie asking about first policy file


 



Leam, 

----- Original Message -----
> From: "leam hall" <leamhall@xxxxxxxxx>
> To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Friday, March 30, 2018 1:08:26 PM
> Subject: Newbie asking about first policy file
> 
> Good morning!
> 
> I'm trying to learn SELinux and reduce the number of alerts that refer
> to normal processes. Postfix is one of the biggies, here's what I've
> gotten so far. I'd appreciate critique.
> 

This rule should already exist in the current policy to suppress the alerts:

  dontaudit postfix_domain kernel_t : system module_request ; 

> Note that the file is hand transcribed, not cut and pasted. It does
> compile and install, so typographic errors are mine.
> 
> ###
> 
> module postfix 0.0.1;
> require {
>   type kernel_t;
>   type postfix_bounce_t;
>   type postfix_master_t;
>   type postfix_smtp_t;
>   class system module_request;
> }
> 
> allow postfix_bounce_t kernel_t:system module_request;
> allow postfix_master_t kernel_t:system module_request;
> allow postfix_smtp_t kernel_t:system module_request;
> 
> ###
> 

If you are not using IPv6 then make Postfix use IPv4 only by setting the line 'inet_protocols' to ipv4 in /etc/postfix/main.cf 

 # Enable IPv4, and IPv6 if supported
 inet_protocols = all

> Thanks!
> 
> Leam
> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> 

-- 
Simon Sekidde
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
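
Before adding allow rules for the denials discussed in this thread, the audit log can show what each Postfix domain actually asked the kernel to load. The following is an added example, not part of either poster's message: it parses AVC lines and counts `module_request` denials against `kernel_t` per source type and requested module, where `net-pf-10` is protocol family 10 (AF_INET6). The sample log lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (assumption: not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1522429706.101:411): avc:  denied  { module_request } for  pid=2101 comm="smtp" kmod="net-pf-10" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429707.220:412): avc:  denied  { module_request } for  pid=2101 comm="smtp" kmod="net-pf-10" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429708.003:413): avc:  denied  { module_request } for  pid=1880 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429709.554:414): avc:  denied  { module_request } for  pid=2140 comm="bounce" kmod="net-pf-10" scontext=system_u:system_r:postfix_bounce_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429710.900:415): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for .*?'
    r'scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)')
KMOD_RE = re.compile(r'kmod="([^"]+)"')


def type_of(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    return context.split(":")[2]


def module_requests(log_text):
    """Count (source type, requested kmod) for module_request denials on kernel_t."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or "module_request" not in m["perms"].split():
            continue
        if m["tclass"] != "system" or type_of(m["tcon"]) != "kernel_t":
            continue
        kmod = KMOD_RE.search(line)
        counts[(type_of(m["scon"]), kmod.group(1) if kmod else "?")] += 1
    return counts


def ipv6_only(counts):
    """True when every denied request was for net-pf-10 (the AF_INET6 family)."""
    return bool(counts) and all(kmod == "net-pf-10" for _, kmod in counts)


if __name__ == "__main__":
    found = module_requests(SAMPLE_LOG)
    for (stype, kmod), n in sorted(found.items()):
        print(f"{stype:20} {kmod:12} {n}")
    print("all requests are for IPv6:", ipv6_only(found))
```

If every request is for `net-pf-10` and the host does not use IPv6, the `inet_protocols` change in main.cf addresses the cause without granting any Postfix domain `module_request`.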
