On 09/28/2015 10:34 PM, Bruno Wolff III wrote:
I have a problem in F23 (that wasn't in F22), where getmail (or
its feed
into qmail) doesn't work in enforcing mode. I first tried using
audit2allow to whitelist all of the avcs.
Could you attach them?
There could be also a selinux_err message in audit.log.
That didn't work. Then I used
semodule -DB in case there was a don't audit rule and then used
audit2allow again to get the data for a local semodule and it still
didn't work. I am seeing a user avc in the logs, that I suspect isn't
getting handled by audit2allow, but I am not sure how to say its OK or
change things so I don't hit it:
type=USER_AVC msg=audit(1443471901.485:584): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission
stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=?
addr=? terminal=?'
I tried searching for some of the text, but I didn't find any relevant
references.
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.