I am trying to delete the problem policies I added, but so far can't.

Meanwhile something, I think, is writing to memory where it shouldn't?

Apr 25 18:02:20 z9m9z dovecot: dict: Error: b6df0000-b6df1000 rw-p 0013d000 08:03 6084 /usr/lib/libc-2.17.so
Apr 25 18:02:20 z9m9z dovecot: dict: Error: b6df1000-b6df4000 rw-p 00000000 00:00 0
Apr 25 18:02:20 z9m9z dovecot: dict: Error: b6df4000-b6e12000 r-xp 00000000 08:03 3988 /usr/lib/libgcc_s-4.8.5-20150702.so.1
Apr 25 18:02:20 z9m9z dovecot: dict: Error: b6e12000-b6e21000 ---p 0001e000 08:03 3988 /usr/lib/libgcc_s-4.8.5-20150702.so.1

?

On 04/25/2017 11:47 AM, Robert Moskowitz wrote:
> I think I have a module problem with SELinux. Laurent is on an x86_64
> box and can't help me any further...
>
>
> On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote:
>> On Tuesday 25 April 2017 at 11:07 +0200, Robert Moskowitz wrote:
>>> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
>>>> On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote:
>>>>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
>>>>> pretty much just use commands and not build policies. So I need some
>>>>> more information here.
>>>>>
>>>>> From what you provided below, how do I determine what is currently in
>>>>> place and how do I add your stuff (changing postgresql with mysql,
>>>>> nat.)
>>>>>
>>>>> thanks
>>>> Quick’n’(really) dirty SELinux howto:
>>>> 1) Run the service. Fails due to missing SELinux policy.
>>>> 2) grep service_pattern /var/log/audit/audit.log | audit2allow -M myservice_policy
>>> Do you really mean 'service_pattern', or is this a placeholder for
>>> something like mysql?
>>>
>>> As I get 'Nothing to do'
>> placeholder which changes according to your needs.
> I just made it worse. I put in mysql for myservice_policy, got a .pp
> and did:
>
> semodule -i myservice_policy.pp
>
>
> Now I get real errors like:
>
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: b6fa1000-b6fc0000 r-xp 00000000 08:03 6076 /usr/lib/ld-2.17.so
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: b6fc5000-b6fc7000 rw-p 00000000 00:00 0
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: b6fcd000-b6fcf000 rw-p 00000000 00:00 0
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: b6fcf000-b6fd0000 r--p 0001e000 08:03 6076 /usr/lib/ld-2.17.so
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: b6fd0000-b6fd1000 rw-p 0001f000 08:03 6076 /usr/lib/ld-2.17.so
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: bee46000-bee67000 rw-p 00000000 00:00 0 [stack]
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: beec5000-beec6000 r-xp 00000000 00:00 0 [sigpage]
> Apr 25 05:13:16 z9m9z dovecot: dict: Error: ffff0000-ffff1000 r-xp 00000000 00:00 0 [vectors]
>
> Which go away if I setenforce 0. :(
>
> myservice_policy.te has:
>
>
> module myservice_policy 1.0;
>
> require {
>     type dovecot_t;
>     type mysqld_etc_t;
>     type mysqld_t;
>     class unix_stream_socket connectto;
>     class file { getattr open read };
>     class dir read;
> }
>
> #============= dovecot_t ==============
> allow dovecot_t mysqld_etc_t:dir read;
> allow dovecot_t mysqld_etc_t:file { getattr open read };
>
> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.
> #!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock
> #!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
> allow dovecot_t mysqld_t:unix_stream_socket connectto;
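
Added example (not part of the original messages and not the posters' code): a simplified Python stand-in for step 2 of the quoted howto, showing how the grep pattern decides which AVC denials become allow rules and why a pattern that matches nothing yields 'Nothing to do'. The audit lines are constructed for illustration, and the real audit2allow does more than this (for example the boolean and mislabel hints seen in the .te above).

```python
import re
from collections import defaultdict

# Constructed audit.log records (not from the thread); the types mirror the
# myservice_policy.te quoted in the message, plus one unrelated httpd denial.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1493111596.101:201): avc:  denied  { read } for  pid=901 comm="dict" name="my.cnf.d" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=dir
type=AVC msg=audit(1493111596.102:202): avc:  denied  { getattr } for  pid=901 comm="dict" path="/etc/my.cnf" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
type=AVC msg=audit(1493111596.103:203): avc:  denied  { open } for  pid=901 comm="dict" path="/etc/my.cnf" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
type=AVC msg=audit(1493111596.104:204): avc:  denied  { read } for  pid=901 comm="dict" name="my.cnf" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
type=AVC msg=audit(1493111596.105:205): avc:  denied  { connectto } for  pid=901 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1493111597.001:206): avc:  denied  { write } for  pid=777 comm="httpd" name="error_log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
"""

# Pull permissions, source type, target type and object class from a denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)")

def rules_from_audit(log_text, pattern):
    """Approximate `grep pattern audit.log | audit2allow`: keep only lines
    containing `pattern`, then merge the denials into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        if pattern not in line:        # the grep stage
            continue
        m = AVC_RE.search(line)
        if m:                          # merge perms per (source, target, class)
            merged[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        perms = sorted(perms)
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    # Review what each pattern would grant before any `semodule -i`.
    for pat in ("service_pattern", "mysql", "httpd"):
        print(pat, "->", rules_from_audit(SAMPLE_AUDIT_LOG, pat) or "Nothing to do")
```

Printing the rules per pattern before loading a module makes it visible that every denial the grep matched ends up allowed, whether or not it was the cause of the original failure.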