failed to customize policy, SELinux won't let me
Florin Andrei
florin at andrei.myip.org
Wed May 3 16:53:38 UTC 2006
Fresh FC5 install (not an update) on an Intel 32bit CPU.
Applied all updates, reboot, let anacron do its job, reboot.

Installed Postfix and Cyrus-IMAPd.

While testing Postfix with Cyrus I got this:

May 3 09:38:25 stantz kernel: audit(1146674305.211:305): avc: denied
{ search } for pid=3441 comm="lmtp" name="lib" dev=hda2 ino=2293761
scontext=user_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir

OK, fine, I go here and follow the steps (all the time working in
the /root/selinux directory):

http://fedora.redhat.com/docs/selinux-faq-fc5/#faq-entry-local.te

However, I can't seem to load the local module:

# /usr/sbin/semodule -i local.pp
/usr/sbin/semodule: Could not read file 'local.pp':
# ls
local.fc local.if local.pp local.te tmp
# cat local.te
policy_module(local, 1.0)

require {
        type postfix_master_t;
        type var_lib_t;
}

allow postfix_master_t var_lib_t:dir search;

In the logs I get this:

audit(1146674668.001:307): avc: denied { search } for pid=3569
comm="semodule" name="selinux" dev=hda4 ino=6501763
scontext=user_u:system_r:semanage_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=dir

What is going on?

--
Florin Andrei
http://florin.myip.org/
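
Added example (not part of the original post, and not the poster's or Fedora's code): a small Python parser for the "avc: denied" records quoted above. It extracts the denied permission, the source and target types and the object class, and renders each record as the allow rule it corresponds to, in the way audit2allow-style tooling does. The sample input is the two records from the post re-joined onto single lines; the function names are this example's own.

```python
import re

# The two AVC records quoted in the post, re-joined onto single lines (sample input).
SAMPLE = [
    'May 3 09:38:25 stantz kernel: audit(1146674305.211:305): avc: denied '
    '{ search } for pid=3441 comm="lmtp" name="lib" dev=hda2 ino=2293761 '
    'scontext=user_u:system_r:postfix_master_t:s0 '
    'tcontext=system_u:object_r:var_lib_t:s0 tclass=dir',
    'audit(1146674668.001:307): avc: denied { search } for pid=3569 '
    'comm="semodule" name="selinux" dev=hda4 ino=6501763 '
    'scontext=user_u:system_r:semanage_t:s0 '
    'tcontext=user_u:object_r:user_home_t:s0 tclass=dir',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ('scontext', 'tcontext', 'tclass')


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not a security context: %r' % context)
    return parts[2]


def parse_avc(line):
    """Parse one denial into a dict; return None for non-AVC or incomplete lines."""
    match = AVC_RE.search(line)
    if match is None:
        return None
    fields = {key: value.strip('"') for key, value in KV_RE.findall(match.group('rest'))}
    if any(key not in fields for key in REQUIRED):
        return None
    fields['perms'] = match.group('perms').split()
    fields['source_type'] = context_type(fields['scontext'])
    fields['target_type'] = context_type(fields['tcontext'])
    return fields


def candidate_rule(rec):
    """Render the denial as a TE allow rule: what was denied, not a recommendation."""
    perms = rec['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (rec['source_type'], rec['target_type'], rec['tclass'], perm_text)


if __name__ == '__main__':
    for rec in filter(None, map(parse_avc, SAMPLE)):
        print('%s -> name=%s: %s' % (rec['comm'], rec['name'], candidate_rule(rec)))
```

The first record renders as the rule already present in the posted local.te. The second names semodule itself (domain semanage_t) as the denied process, on a directory called "selinux" labelled user_home_t.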