SELinux is preventing /bin/gawk "execute" access on /var/home/rnichols/mail/spamstrings.awk

Paul Howarth paul at city-fan.org
Fri Mar 5 14:20:40 UTC 2010


On 05/03/10 13:55, Robert Nichols wrote:
> On 03/05/2010 03:09 AM, Dominick Grift wrote:
>> On 03/05/2010 04:29 AM, Robert Nichols wrote:
>>> And, it appears that I have to remember to re-install all local policy
>>> modules every time there is a policy update, right??  :-((
>>
>> Not in all cases but in the case where user domains are involved that
>> may be true. semodule -B may also do the trick.
>>
>> It may be a better idea to label /var/home/rnichols/mail/spamstrings.sh
>> type bin_t
>>
>> semanage fcontext -a -t bin_t /var/home/rnichols/mail/spamstrings.sh
>> restorecon -R -v /var/home/rnichols/mail/spamstrings.sh
>
> So, if I move that file to my $HOME/bin directory and make that whole
> directory type bin_t, that should take care of it??

Should do. In fact I have a local policy module that makes all user home 
directories bin_t:

localmisc.fc:
# Need to be able to run scripts from procmail, cron etc.
HOME_DIR/bin(/.*)?		gen_context(unconfined_u:object_r:bin_t,s0)

Paul.
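
An added illustration, not part of the original message and not code from the SELinux toolchain: a simplified Python model of how the `HOME_DIR/bin(/.*)?` entry above is expanded for a home directory and matched against whole paths. The helper names and the home directory list are assumptions, and the model ignores how real policy ranks competing rules.

```python
import re

# The file-context line from localmisc.fc in the message above.
FC_LINE = "HOME_DIR/bin(/.*)?\t\tgen_context(unconfined_u:object_r:bin_t,s0)"


def expand_fc(fc_line, home_dirs):
    """Expand a HOME_DIR template into (regex, context) rules, one per home.

    Simplified model (assumption): HOME_DIR is replaced by each home
    directory, and gen_context(ctx,level) becomes "ctx:level" as on an
    MCS/MLS policy.
    """
    pattern, spec = fc_line.split(None, 1)
    m = re.fullmatch(r"gen_context\(([^,]+),\s*([^)]+)\)", spec.strip())
    if m is None:
        raise ValueError("unsupported context specification: %r" % spec)
    context = "%s:%s" % (m.group(1), m.group(2))
    rules = []
    for home in home_dirs:
        concrete = pattern.replace("HOME_DIR", re.escape(home))
        rules.append((re.compile(concrete), context))
    return rules


def label_for(path, rules):
    """Return the context of the first rule matching the whole path.

    File-context patterns are anchored at both ends, hence fullmatch().
    """
    for regex, context in rules:
        if regex.fullmatch(path):
            return context
    return None


if __name__ == "__main__":
    # Constructed sample: the home directory named in the thread.
    rules = expand_fc(FC_LINE, ["/var/home/rnichols"])
    for path in (
        "/var/home/rnichols/bin",
        "/var/home/rnichols/bin/spamstrings.awk",
        "/var/home/rnichols/mail/spamstrings.awk",  # original location
        "/var/home/rnichols/binaries",              # similar name, no match
    ):
        print(path, "->", label_for(path, rules))
```

In this model only the `bin` directory and what lies beneath it receive `bin_t`; the script at its original `mail/` path is not covered by the rule.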

