[CentOS] CentOS-6.6 SELinux questions

Tue Oct 27 15:26:01 UTC 2015
James B. Byrne <byrnejb at harte-lyne.ca>

We have a remote server running as a guest instance on a kvm host.  This
server acts as a public MX service for our domains along with
providing a backup for our Mailman mailing lists.  It also has a slave
named service.

While tracking down a separate problem I discovered these avc
anomalies and ran audit2allow to see what was required to eliminate
them.  All the software is either from CentOS or EPEL.


#============= amavis_t ==============
allow amavis_t sysfs_t:dir open;

#============= clamd_t ==============
allow clamd_t sysctl_vm_t:dir search;

#============= mailman_mail_t ==============
#!!!! The source type 'mailman_mail_t' can write to a 'dir' of the following types:
# mailman_log_t, mailman_data_t, mailman_lock_t, mailman_archive_t, var_lock_t, tmp_t, mailman_mail_tmp_t, var_log_t, root_t

allow mailman_mail_t lib_t:dir write;

#============= named_t ==============
allow named_t sysctl_vm_t:dir search;

#============= postfix_postdrop_t ==============
allow postfix_postdrop_t fail2ban_tmp_t:file { read write };

#============= syslogd_t ==============
allow syslogd_t sysctl_vm_t:dir search;

Is there an epel/selinux forum to report these for repair or are they
caused by something I am doing wrong?  If so then what do I need to do
to eliminate them?

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
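
Added example, not part of the original post: a small Python triage of the audit2allow rules quoted above, so they can be reviewed before any of them is loaded as a local policy module. The MODIFYING set and the grouping by target are this example's own review heuristic (an assumption), not CentOS or EPEL guidance.

```python
import re
from collections import defaultdict

# Allow rules (and one comment line) taken from the audit2allow output in the post.
SAMPLE = """\
allow amavis_t sysfs_t:dir open;
allow clamd_t sysctl_vm_t:dir search;
#!!!! The source type 'mailman_mail_t' can write to a 'dir' of the following types:
allow mailman_mail_t lib_t:dir write;
allow named_t sysctl_vm_t:dir search;
allow postfix_postdrop_t fail2ban_tmp_t:file { read write };
allow syslogd_t sysctl_vm_t:dir search;
"""

# allow <source> <target>:<class> <perm>;   or   { perm perm ... };
RULE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|([^\s;{}]+))\s*;")

# Assumption of this example: permissions that change the target get reviewed first.
MODIFYING = {"write", "append", "create", "unlink", "rename", "setattr",
             "add_name", "remove_name"}

def parse_rules(text):
    """Return (source, target, class, perms) tuples; comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            src, tgt, cls, braced, single = m.groups()
            perms = frozenset((braced or single or "").split())
            rules.append((src, tgt, cls, perms))
    return rules

def triage(rules):
    """Separate rules granting a modifying permission; group the rest by target."""
    modifying, shared = [], defaultdict(list)
    for src, tgt, cls, perms in rules:
        if perms & MODIFYING:
            modifying.append((src, tgt, cls, perms))
        else:
            shared[(tgt, cls, tuple(sorted(perms)))].append(src)
    return modifying, dict(shared)

if __name__ == "__main__":
    modifying, shared = triage(parse_rules(SAMPLE))
    for src, tgt, cls, perms in modifying:
        print(f"review first: {src} -> {tgt}:{cls} {sorted(perms)}")
    for (tgt, cls, perms), sources in shared.items():
        print(f"{tgt}:{cls} {list(perms)} requested by {sources}")
```

On the rules from the post this separates the two write-granting rules (mailman_mail_t and postfix_postdrop_t) from the rest, and shows the sysctl_vm_t:dir search denial repeated across clamd_t, named_t and syslogd_t.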