On 04/02/2018 07:20 PM, leam hall wrote:
On Fri, Mar 30, 2018 at 5:18 PM, Simon Sekidde
<ssekidde(a)redhat.com> wrote:
> Leam,
> This rule should already exist in the current policy to suppress the alerts
>
> dontaudit postfix_domain kernel_t : system module_request ;
Didn't see it. Stock and patched RHEL 6.
This could be kernel bug. We had a discussion about it:
https://github.com/fedora-selinux/selinux-policy/commit/2c13be1fb543c5193...
But if you're running RHEL6, the bug shouldn't be there.
If you're still see these AVCs please dontaudit it like it's mentioned
in email from Simon.
Lukas.
>
> If you are not using IPv6 then make Postfix use IPv4 only by setting the line
'inet_protocols' to ipv4 in /etc/postfix/main.cf
>
> # Enable IPv4, and IPv6 if supported
> inet_protocols = all
Made this change, thanks! Will see if it prevents alerts.
Leam
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.