-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/21/2013 01:26 PM, Jean-David Beyer wrote:
On 01/21/2013 11:31 AM, Daniel J Walsh wrote:
> On 01/19/2013 07:34 AM, Jean-David Beyer wrote:
>> On 01/18/2013 10:30 AM, Jean-David Beyer wrote:
>>> On 01/18/2013 09:24 AM, Miroslav Grepl wrote:
>> [snip]
>>>> Hi, I believe we should collect all AVC msgs. Could you execute
>>>>
>>>> # semanage permissive -a system_mail_t
>> Should I turn this off again? I.e., set it to 'enforcing'?
> Yes once you are done collecting the AVC's and are happy that it is
> working properly.
> semanage permissive -d system_mail_t
OK. I did that.
These wemanage things take a long time. I have a 4-core 1.8 GHz Xeon
processor. They tend to hog an entire core for around (but less than) a
minute. What is it doing with all that time? The they have to hit a
database for each program and file in the system or something?
> We do not currently allow log files mailed off the system by the system
> mailer. I guess we could add a boolean for this. but I do not believe we
> should allow this by default.
Was this in response to something I said? Because, if so, I forgot what I
may have said that prompted this.
In the future, I will be wanting to use shell scripts to send e-mails from
one computer to another on my l.a.n. Right now, I cannot do it because I am
running the default firewall that comes with RHEL 6 and CentOS 5. I
certainly can SSH files between the machines with no trouble, since the
default firewall allows that. And apparently so does SELinux. I know I can
e-mail stuff off my machine using Thunderbird, and I do not suppose
anything stops me from attaching a log file, though I never tried that. --
selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Well the AVC you were showing was emailing a cron log file. Which SELinux
blocks and you overrode with a policy module which is fine. My point was we
Fedora/RHEL do not to allow this by default and allow customers/users to
override the defaults.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlD9qB0ACgkQrlYvE4MpobOdOQCdGOdLybTfMcSKlCi3It+UU8xy
IlYAn3zcAojOoRDa29iH9Kw8qb892Hi5
=1XEu
-----END PGP SIGNATURE-----