As a new version of refpolicy shipped, so did I new version of segatex.
Incorporated latest refpolicy.
refpolicy version is 20130424.
sqlrefpolicy.db is a combined .if files in sqlite format database which had
been broken down by segatex's scripts for you to scrutinize how interfaces
work in SELinux manner.
You can analyze latest refpolicy just clicking buttons.
Enjoy playing with segatex !
segaetx is widely admitted as a third party tool for SELinux.
We've just built a new machine, running CentOS 6.4. I built, then my
manager pulled stuff off the machine that it's replacing, installing as
necessary. I'm seeing a ton of complaints of "SELinux is preventing
/usr/libexec/dovecot/imap from search access on the directory indexes.".
Now, ps -Z | grep dove shows that dovecot's running as
unconfined_u:system_r:dovecot_t:s0, while a typical index it's trying to
read shows ll -Z as system_u:object_r:dovecot_t. As a side note, it's
owned by user, with group of nobody.
I see the same file on the old server as being system_u:object_r:var_spool_t.
Why would selinux be complaining? Is what was on the old system the
We've got an /apps directory in parallel with the web page directory. I've
most recently set it to httpd_sys_script_t; the directory under it has a
context of default_t, and that's off of /. Have I either given a wrong
context to the apps directory, left an incorrect one on the directory
under it (and if so, what would be appropriate), or is it just that I need
to semanage fcontext -a for apps?