On 08/12/2008 07:12 PM, Ned Slider wrote:
> Manuel Wolfshant wrote:
>> Ned Slider wrote:
>>> Hi list,
>>>
>>> I've knocked up a contribution on SELinux here:
>>>
>>> http://wiki.centos.org/HowTos/SELinux
>>>
>>> I've tried to pitch it as an introduction for those not already
>>> familiar with SELinux but also hopefully a useful reference.
>>>
>>> I'm relatively new to SELinux and have covered pretty much
>>> everything I know to the limits of my limited knowledge. If folks
>>> think other material needs to be covered then it may be more
>>> appropriate for them to make the additions rather than me. Consider
>>> it a "get the ball rolling" contribution that the community can add
>>> to as necessary :)
>>>
>>> Comments welcomed,
>> I would add the following just before "Summary" (in case one wants to
>> edit the rules suggested by audit2allow):
>>
>> Building module policy manually
>>
>>
>> - grep sendmail /var/log/audit/audit.log | audit2allow -M postfix
>> - while reviewing the generated postfix.te
>>
>> module local 1.0;
>>
>> require {
>>         type httpd_log_t;
>>         type postfix_postdrop_t;
>>         class dir getattr;
>>         class file { read getattr };
>> }
>>
>> #============= postfix_postdrop_t ==============
>> allow postfix_postdrop_t httpd_log_t:file getattr;
>>
>>
>
> Wolfy,
>
> Are you able to supply an example of the audit.log AVC message(s) that
> are used to create this .te policy? It might be useful to show the
> actual AVC error messages in explaining this process.
>
> Thanks,

Here you are. I hope I have not trashed anything valuable, but most of
the info must be here.

PS, for those who might be tempted to comment about the kernel version:
I already know what you want to say.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ned.txt
URL: <http://lists.centos.org/pipermail/centos-docs/attachments/20080812/a15e87bd/attachment-0004.txt>