It's a problem with the policy not with a relabel.
audit2allow <insert /var/log/auditd/auditd.log>
will give you a policy statement to work with...
HTH,
Harry
On Sun, 31 Jul 2005, Bobby Kashani wrote:
On Sun, 2005-07-31 at 15:22 +0200, Roger Grosswiler wrote:
> hi,
>
> i recently updated from fc3 to fc4. i use this machine as a mailserver
> with cyrus. 1st problem was the database - fixed issue. now, on
> authentication, i get errors, will say, with selinux enforcing i cannot
> authenticate at all.
>
> from the fc-list i got some help, with a few commands, that should help
> better understanding. What can i do, to have this box with selinux
> enforcing enabled? ah, yes, in permissive mode it works fine.
Have you tried doing a "touch /.autorelabel" and rebooting?
Bob
> here a sniplet of my logs:
> > [root@link ~]# ausearch -i -a 9657218
> > ----
> > type=PATH msg=audit(07/30/05 16:21:20.281:9657218) : item=0 flags=follow
inode=262199 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
> > type=SOCKETCALL msg=audit(07/30/05 16:21:20.281:9657218) : nargs=3 a0=b
a1=bfd308fa a2=6e
> > type=SOCKADDR msg=audit(07/30/05 16:21:20.281:9657218) : saddr=local
/var/run/saslauthd/mux
> > type=SYSCALL msg=audit(07/30/05 16:21:20.281:9657218) : arch=i386
syscall=socketcall(connect) success=no exit=-13(Permission denied) a0=3 a1=bfd2e4b0
a2=dd0228 a3=bfd2e513 items=1 pid=28898 auid=root uid=cyrus gid=mail euid=cyrus suid=cyrus
fsuid=cyrus egid=mail sgid=mail fsgid=mail comm=imapd exe=/usr/lib/cyrus-imapd/imapd
> > type=AVC msg=audit(07/30/05 16:21:20.281:9657218) : avc: denied { search }
for pid=28898 comm=imapd name=saslauthd dev=dm-0 ino=262199
scontext=root:system_r:cyrus_t tcontext=system_u:object_r:saslauthd_var_run_t tclass=dir
> >
> >> ausearch -i -a 9659874
> >>
> >>
> > [root@link ~]# ausearch -i -a 9659874
> > ----
> > type=PATH msg=audit(07/30/05 16:21:24.635:9659874) : item=0 flags=follow
inode=262199 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
> > type=SOCKETCALL msg=audit(07/30/05 16:21:24.635:9659874) : nargs=3 a0=b
a1=bfd308fa a2=6e
> > type=SOCKADDR msg=audit(07/30/05 16:21:24.635:9659874) : saddr=local
/var/run/saslauthd/mux
> > type=SYSCALL msg=audit(07/30/05 16:21:24.635:9659874) : arch=i386
syscall=socketcall(connect) success=no exit=-13(Permission denied) a0=3 a1=bfd2e4b0
a2=dd0228 a3=bfd2e513 items=1 pid=28898 auid=root uid=cyrus gid=mail euid=cyrus suid=cyrus
fsuid=cyrus egid=mail sgid=mail fsgid=mail comm=imapd exe=/usr/lib/cyrus-imapd/imapd
> > type=AVC msg=audit(07/30/05 16:21:24.635:9659874) : avc: denied { search }
for pid=28898 comm=imapd name=saslauthd dev=dm-0 ino=262199
scontext=root:system_r:cyrus_t tcontext=system_u:object_r:saslauthd_var_run_t tclass=dir
>
>
> i hope, you can help.
>
> Thanks a lot
> Roger
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
>
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Bobby Kashani
http://www.ocf.berkeley.edu/~bobk/garnome
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list