Re: SeLinux and mail relaying

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There's no local.te in my system. I'm running FC5. Also, there is no such rpm or anything similar in the yum repositories. Yes, audit2allow gave me the rules to add, two of them indeed. The problem now is where to add them. Any idea?
Thanks a lot for your help, I really appreciate it.
EJ

On Jul 8, 2006, at 4:11 PM, David G. Miller wrote:

redhatdude@xxxxxxxxxxxxx wrote:

Well, I'm stuck here if there's no easy way to fix my problem. I can't understand how daemons such as syslogd or crond are not allowed to send emails through postfix. I'm only left with an option, disable selinux, which sucks. I tried to read the documentation and it's a lot to swallow. On top of that, FC5 has different locations for all those files, different from what the selinux documentation says. For example, I don't have a src directory inside /etc/selinux/targeted/ and there's no single file ending with .te in my system.
This is frustrating. Thanks for your help Dave
EJ

PS. The selinux list is completely dead, one email in 24 hours. So much for getting help there.

Sorry. Been long enough since I went through all of this that I didn't remember some of the details. There is a ruleset source RPM you need to install to be able to create a custom ruleset. Something like "yum install selinux-policy-targeted-sources" should get you the source for the stock targeted ruleset and the ability to make changes via a custom ruleset. It will also create the required directory structure under /etc/selinux/targeted/. The memory of the pain is all coming back to me now.... Not sure what the scoop is on postfix since "standard" RPMs tend to come with any required SELinux rulesets for them to at least work doing default behavior (e.g., if you install httpd you can set up a simple web server but any "interesting" CGI behavior requires customizing the ruleset). audit2allow is your friend here since you can just turn off enforcing mode and see what complaints SELinux generates, run audit2allow to find out what ruleset changes are required and, most of the time, just add the suggested rules to local.te.

Cheers,
Dave

--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux