[CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

Tue Apr 25 19:05:31 UTC 2017
Robert Moskowitz <rgm at htt-consult.com>


On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick’n’(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the 
> existing policy
> 4: copy and paste the output from the terminal used for #2 into 
> "audit2allow -M <modulename>"
> 5: setenforce enforcing
>
> This process is less iterative, which can save a *lot* of time 
> building some policies.

How do I undo the damage the last attempt caused?

I am on the road right now (Venice, IT to speak tomorrow on Identity 
Oriented Networking), and I left my test system running back home. To 
get to it is two SSH hops.  The WiFi in this hotel is a pain.  It times 
out after 1 hour and you have to do a web access.  It does not 
understand things like IMAP and SSH...