Frank Murphy wrote:
If exim gave an avc denial.
1: Create policy.
audit2allow -M myexim < /var/log/audit/audit.log
then enable it.
semodule -i myexim.pp
2: If then in a couple of days exim generates another avc denial,
different from the first.
How does one edid\use audid2allow to include the new avc.
Have looked at "man audit2allow" and can't seem to grasp an edit from
On the day that it generates another denial, you could try something like:
/sbin/ausearch -m avc -ts today | grep x | audit2allow -M
myexim2;/usr/sbin/semodule -i myexim2.pp
Where "x" is the domain, such as "httpd_t" for Apache. It is probably
best to run "/sbin/ausearch -m avc -ts today | grep x" first, to make
sure you get the results you want.