F19-mailserver & selinux complains
Cristian Sava
csava at central.ucv.ro
Thu Jun 6 16:55:16 UTC 2013
> > Anyways Crhitian, I have added the allow rules to the base policy to allow
> > this. You can do this for now by executing
> >
> > # grep courier /var/log/audit/audit.log | audit2allow -M mycourier
> > # semodule -i mycourier.pp
Well, I tested as you advised but is much more to do.
I did for courier-amavis-postfix:
# grep courier /var/log/audit/audit.log | audit2allow -M mycourier
# semodule -i mycourier.pp
and also
# grep /usr/sbin/amavi /var/log/audit/audit.log | audit2allow -M
myamavis
# semodule -i myamavis.pp
# grep virtual /var/log/audit/audit.log | audit2allow -M myvirtual
# semodule -i myvirtual.pp
And now the mail server is working.
But I use (as many others) fail2ban and this is not working until we do:
# grep pidof /var/log/audit/audit.log | audit2allow -M mypidof
# semodule -i mypidof.pp
Now, with such/these modules in place, many tutorials from
www.howtoforge.com are working with selinux enabled and many people are
happy and fedora's users base is growing.
The problem is that not many users want or can to debug and solve such
things. It's simple but not for them.
That's why I ask on this list to relax a little bit the rules and accept
some little changes to default and let people use their desired
software. Sometimes a very simple option can make miracles.
And now a very very good thing:
Fedora 19 seems to me a rock solid distribution!
Congrats to all of you!
Cristian Sava
More information about the test
mailing list