redhatdude@xxxxxxxxxxxxx wrote:
Well, I'm stuck here if there's no easy way to fix my problem. I
can't understand how daemons such as syslogd or crond are not allowed
to send emails through postfix. I'm only left with an option, disable
selinux, which sucks. I tried to read the documentation and it's a
lot to swallow. On top of that, FC5 has different locations for all
those files, different from what the selinux documentation says. For
example, I don't have a src directory inside /etc/selinux/targeted/
and there's no single file ending with .te in my system.
This is frustrating. Thanks for your help, Dave
EJ

PS. The selinux list is completely dead, one email in 24 hours. So
much for getting help there.

Sorry. Been long enough since I went through all of this that I didn't
remember some of the details. There is a ruleset source RPM you need to
install to be able to create a custom ruleset. Something like "yum
install selinux-policy-targeted-sources" should get you the source for
the stock targeted ruleset and the ability to make changes via a custom
ruleset. It will also create the required directory structure under
/etc/selinux/targeted/. The memory of the pain is all coming back to me
now....

Not sure what the scoop is on postfix since "standard" RPMs tend to come
with any required SELinux rulesets for them to at least work doing
default behavior (e.g., if you install httpd you can set up a simple web
server but any "interesting" CGI behavior requires customizing the
ruleset). audit2allow is your friend here since you can just turn off
enforcing mode and see what complaints SELinux generates, run
audit2allow to find out what ruleset changes are required and, most of
the time, just add the suggested rules to local.te.

Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce