-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pad Hosmane wrote:
> Can I know why email option is not working?
The email option should work assuming that SE Linux policy allows it. I
just checked the source code. If the email address has a '@' symbol,
auditd calls gethostbyname to make sure that you don't have a typo in
the email address and it can't send an email when it needs to. Since SE
Linux policy fails that, it rejects that address and then in turn fails
the startup to let you know that you have something wrong in the
configuration.
There's possibly a workaround where you use a local alias that
sendmail/postfix resolves into your real email address. This way you do
not need an email address with a '@' in it. This should be temporary
until policy is fixed.
Also, when it does come time for auditd to send its first email, we
still need a transition from auditd to a mta domain. Auditd calls
/usr/lib/sendmail if that matters to anyone.
-Steve
Hi Steve,
Thanks a lot for all the help. I truly appreciate your help and all
others who helped me to resolve the issue.
Thanks.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list Current audit policy
allows the transition to an mta
(mta_send_mail(auditd_t)
It did not however allow the communications with dns, as you stated.
Fixes in
selinux-policy-2.4.6-126.el5
selinux-policy-3.0.8-95.fc8
selinux-policy-3.3.1-22.fc9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkfiyPUACgkQrlYvE4MpobPejgCfe+GB7VG9gT639fFLesl0bBht
v6MAn2FyU5be/TXTQrHJ4TcqjBQIv6pV
=bh9N
-----END PGP SIGNATURE-----