On 12/04/2014 03:22 PM, James B. Byrne wrote:
On Thu, December 4, 2014 12:29, James B. Byrne wrote:
Re: SELinux. Do I just build a local policy or is there some boolean setting needed to handle this? I could not find one if there is but. . .
Anyone see any problem with generating a custom policy consisting of the following?
grep avc /var/log/audit/audit.log | audit2allow
#============= amavis_t ============== allow amavis_t shell_exec_t:file execute; allow amavis_t sysfs_t:dir search;
#============= clamscan_t ============== allow clamscan_t amavis_spool_t:dir read;
In the latest rhel6 policies amavas_t and clamscan_t have been merged into antivirus_t? Is you selinux-policy up 2 date?
#============= logwatch_mail_t ============== allow logwatch_mail_t usr_t:lnk_file read;
#============= postfix_master_t ============== allow postfix_master_t tmp_t:dir read;
#============= postfix_postdrop_t ============== allow postfix_postdrop_t tmp_t:dir read;
#============= postfix_showq_t ============== allow postfix_showq_t tmp_t:dir read;
Any reason postfix would be listing the contents of /tmp or /var/tmp? Did you put some content into these directories that have something to do with mail?
#============= postfix_smtp_t ============== allow postfix_smtp_t postfix_spool_maildrop_t:file { read write getattr };