On Wed, Apr 4, 2018 at 6:19 AM, Lukas Vrabec <lvrabec(a)redhat.com> wrote:
On 04/02/2018 07:20 PM, leam hall wrote:
> On Fri, Mar 30, 2018 at 5:18 PM, Simon Sekidde <ssekidde(a)redhat.com> wrote:
>> Leam,
>
>> This rule should already exist in the current policy to suppress the alerts
>>
>> dontaudit postfix_domain kernel_t : system module_request ;
>
>
> Didn't see it. Stock and patched RHEL 6.
>
This could be kernel bug. We had a discussion about it:
https://github.com/fedora-selinux/selinux-policy/commit/2c13be1fb543c5193...
But if you're running RHEL6, the bug shouldn't be there.
If you're still see these AVCs please dontaudit it like it's mentioned
in email from Simon.
Lukas.
Not sure we want to hide the denial. Doesn't that mean SELinux is
preventing Postfix from doing something it thinks it should do?
Wouldn't allowing it be better, assuming Postfix is supposed to do
whatever?
Or do I not understand?
Leam