[CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Robert Moskowitz
rgm at htt-consult.com
Tue Apr 25 09:07:45 UTC 2017
On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
> Le mardi 25 avril 2017 à 10:39 +0200, Robert Moskowitz a écrit :
>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
>> pretty much just use commands and not build policies. So I need some
>> more information here.
>>
>> From what you provided below, how do I determine what is currently in
>> place and how do I add your stuff (changing postgresql with mysql, nat.)
>>
>> thanks
> Quick’n’(really) dirty SELinux howto:
> 1) Run the service. Fails due to missing SELinux policy.
> 2) grep service_pattern /var/log/audit/audit.log | audit2allow -M myservice_policy
Do you really mean 'service_pattern', or is this a placeholder for
something like mysql?
As I get 'Nothing to do'
> 3) do what output says. (semodule -i myservice_policy.pp normally)
> 4) goto 1. That way, you’ll create and allow step by step necessary
> rights so your service ends up running normally.
>
> The content I gave you is from mydovecot.te (human readable version
> of .pp created by audit2allow).
>
> After a quick look at audit2allow man, it looks like you can get .pp by
> doing:
> make -f /usr/share/selinux/devel/Makefile myservice_policy.pp (it’ll
> look after myservice_policy.te in PWD).
>
> HTH,
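
Step 2 of the quoted howto, as an added example that is not part of the original messages. It runs against a constructed audit.log sample (types, PIDs and timestamps are made up) and shows that the literal string `service_pattern` selects no AVC records, while text that actually occurs in the denials, here `dovecot`, does. `summarize` is a hypothetical helper that only approximates the rules audit2allow would derive.

```shell
#!/bin/sh
# Constructed audit.log sample (illustrative; not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1493110000.101:501): avc:  denied  { name_connect } for  pid=2101 comm="auth" dest=3306 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1493110000.101:501): arch=c000003e syscall=42 success=no exit=-13 comm="auth" exe="/usr/libexec/dovecot/auth"
type=AVC msg=audit(1493110002.220:507): avc:  denied  { write } for  pid=2101 comm="auth" name="mysql.sock" dev="dm-0" ino=393 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1493110009.900:530): avc:  denied  { read } for  pid=3000 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1493110011.000:531): pid=3100 msg='op=PAM:authentication acct="dovecot" res=failed'
EOF
}

# Step 2's grep, restricted to AVC denials. PATTERN has to be text that
# really occurs in the records (a comm= name, a domain type, a port type).
avc_for() {
    grep 'avc: *denied' | { grep -- "$1" || true; }
}

# Hypothetical helper: condense each denial to "allow source target:class { perms };".
summarize() {
    sed -n 's/.*denied  *{ \([^}]*\) }.*scontext=[^:]*:[^:]*:\([^:]*\):.*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z_0-9]*\).*/allow \2 \3:\4 { \1 };/p' | sort -u
}

# Number of AVC denials in the sample that match PATTERN.
count_for() {
    sample_audit_log | avc_for "$1" | wc -l | tr -d ' '
}

for p in service_pattern dovecot; do
    printf '%s: %s AVC denial(s)\n' "$p" "$(count_for "$p")"
done
sample_audit_log | avc_for dovecot | summarize
```

On a real host, replace `sample_audit_log` with `cat /var/log/audit/audit.log` and review the summarized denials before loading any module built from them.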