Simon, thanks! I'll test that Monday when I'm back at work. I have to
weed through a few thousand alerts as I learn. :)
Leam
On 03/30/2018 05:18 PM, Simon Sekidde wrote:
> Leam,
>
> ----- Original Message -----
>> From: "leam hall" <leamhall(a)gmail.com>
>> To: selinux(a)lists.fedoraproject.org
>> Sent: Friday, March 30, 2018 1:08:26 PM
>> Subject: Newbie asking about first policy file
>>
>> Good morning!
>>
>> I'm trying to learn SELinux and reduce the number of alerts that refer
>> to normal processes. Postfix is one of the biggies, here's what I've
>> gotten so far. I'd appreciate critique.
>>
>
> This rule should already exist in the current policy to suppress the alerts
>
> dontaudit postfix_domain kernel_t : system module_request ;
>
>> Note that the file is hand transcribed, not cut and pasted. It does
>> compile and install, so typographic errors are mine.
>>
>> ###
>>
>> module postfix 0.0.1;
>> require {
>> type kernel_t;
>> type postfix_bounce_t;
>> type postfix_master_t;
>> type postfix_smtp_t;
>> class system module_request;
>> }
>>
>> allow postfix_bounce_t kernel_t:system module_request;
>> allow postfix_master_t kernel_t:system module_request;
>> allow postfix_smtp_t kernel_t:system module_request;
>>
>> ###
>>
>
> If you are not using IPv6 then make Postfix use IPv4 only by setting the line
> 'inet_protocols' to ipv4 in /etc/postfix/main.cf
>
> # Enable IPv4, and IPv6 if supported
> inet_protocols = all
>
>> Thanks!
>>
>> Leam
>>
>
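
A triage sketch for the alert backlog discussed in this thread, added here as an example and not code from either poster: it groups AVC denials by source type, proposes `dontaudit` lines only for the kernel `module_request` case, and keeps every other denial for manual review. The log lines are constructed, and the `kmod="net-pf-10"` value (a request for the IPv6 protocol family) is an assumption about what the Postfix denials contain, consistent with the IPv4-only advice above.

```python
import re
from collections import Counter

# Constructed audit.log lines for illustration; not taken from the thread.
SAMPLE_LOG = """\
type=AVC msg=audit(1522429701.101:801): avc:  denied  { module_request } for  pid=2101 comm="smtp" kmod="net-pf-10" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429702.210:802): avc:  denied  { module_request } for  pid=2102 comm="smtp" kmod="net-pf-10" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429703.330:803): avc:  denied  { module_request } for  pid=2103 comm="bounce" kmod="net-pf-10" scontext=system_u:system_r:postfix_bounce_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429704.440:804): avc:  denied  { module_request } for  pid=2104 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1522429705.550:805): avc:  denied  { read } for  pid=3001 comm="httpd" name="notes.txt" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<src>\S+) tcontext=(?P<tgt>\S+) tclass=(?P<cls>\S+)")
KMOD_RE = re.compile(r'kmod="([^"]+)"')

def se_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Count denials per (source type, target type, class, perm, kmod)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        kmod = KMOD_RE.search(line)
        for perm in m.group("perms").split():
            counts[(se_type(m.group("src")), se_type(m.group("tgt")),
                    m.group("cls"), perm, kmod.group(1) if kmod else None)] += 1
    return counts

def is_module_request(key):
    """True for the denial this thread is about: module_request on kernel_t."""
    return key[1:4] == ("kernel_t", "system", "module_request")

def dontaudit_rules(counts):
    """dontaudit lines for kernel module_request denials only."""
    return sorted({f"dontaudit {k[0]} {k[1]}:{k[2]} {k[3]};"
                   for k in counts if is_module_request(k)})

def needs_review(counts):
    """Every other denial: inspect these by hand rather than silencing them."""
    return sorted(k[:4] for k in counts if not is_module_request(k))

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("\n".join(dontaudit_rules(summary)))
    print("review:", needs_review(summary))
```
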