segatex-7.950 released !
by Shintaro Fujiwara
As a new version of refpolicy shipped, so did a new version of segatex.
http://sourceforge.net/projects/segatex/
Incorporated latest refpolicy.
refpolicy version is 20130424.
Updated sqlrefpolicy.db.
sqlrefpolicy.db is a SQLite-format database combining the .if files, which
have been broken down by segatex's scripts so that you can scrutinize how
interfaces work in the SELinux manner.
You can analyze the latest refpolicy just by clicking buttons.
Enjoy playing with segatex !
segatex is widely admitted as a third party tool for SELinux.
http://userspace.selinuxproject.org/trac/wiki/SelinuxTools
10 years, 11 months
Issue on a new system
by mark
We've just built a new machine, running CentOS 6.4. I built, then my
manager pulled stuff off the machine that it's replacing, installing as
necessary. I'm seeing a ton of complaints of "SELinux is preventing
/usr/libexec/dovecot/imap from search access on the directory indexes.".
Now, ps -Z | grep dove shows that dovecot's running as
unconfined_u:system_r:dovecot_t:s0, while a typical index it's trying to
read shows ll -Z as system_u:object_r:dovecot_t. As a side note, it's
owned by user, with group of nobody.
I see the same file on the old server as being system_u:object_r:var_spool_t.
Why would selinux be complaining? Is what was on the old system the
correct context?
mark
10 years, 12 months
default_t and updatedb
by mark
We've got an /apps directory in parallel with the web page directory. I've
most recently set it to httpd_sys_script_t; the directory under it has a
context of default_t, and that's off of /. Have I either given a wrong
context to the apps directory, left an incorrect one on the directory
under it (and if so, what would be appropriate), or is it just that I need
to semanage fcontext -a for apps?
CentOS 6.4.
mark
10 years, 12 months