SeLinux and mail relaying

redhatdude at bellsouth.net redhatdude at bellsouth.net
Sun Jul 9 09:20:00 UTC 2006


There's no local.te in my system. I'm running FC5. Also, there is no  
such rpm or anything similar in the yum repositories. Yes,  
audit2allow gave me the rules to add, two of them indeed. The problem  
now is where to add them. Any idea?
Thanks a lot for your help, I really appreciate it.
EJ

On Jul 8, 2006, at 4:11 PM, David G. Miller wrote:

> redhatdude at bellsouth.net wrote:
>
>> Well, I'm stuck here if there's no easy way to fix my problem. I   
>> can't understand how daemons such as syslogd or crond are not  
>> allowed  to send emails through postfix. I'm only left with an  
>> option, disable  selinux, which sucks. I tried to read the  
>> documentation and it's a  lot to swallow. On top of that, FC5 has  
>> different locations for all  those files, different from what the  
>> selinux documentation says. For  example, I don't have a src  
>> directory inside /etc/selinux/targeted/  and there's no single  
>> file ending with .te in my system.
>> This is frustrating. Thanks for your help Dave
>> EJ
>>
>> PS. The selinux list is completely dead, one email in 24 hours.  
>> So  much for getting help there.
>>
> Sorry.  Been long enough since I went through all of this that I  
> didn't remember some of the details.  There is a ruleset source RPM  
> you need to install to be able to create a custom ruleset.   
> Something like "yum install selinux-policy-targeted-sources" should  
> get you the source for the stock targeted ruleset and the ability  
> to make changes via a custom ruleset.  It will also create the  
> required directory structure under /etc/selinux/targeted/.  The  
> memory of the pain is all coming back to me now....
> Not sure what the scoop is on postfix since "standard" RPMs tend to  
> come with any required SELinux rulesets for them to at least work  
> doing default behavior (e.g., if you install httpd you can set up a  
> simple web server but any "interesting" CGI behavior requires  
> customizing the ruleset).  audit2allow is your friend here since  
> you can just turn off enforcing mode and see what complaints  
> SELinux generates, run audit2allow to find out what ruleset changes  
> are required and, most of the time, just add the suggested rules to  
> local.te.
>
> Cheers,
> Dave
>
> -- 
> Politics, n. Strife of interests masquerading as a contest of  
> principles.
> -- Ambrose Bierce
>
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list




More information about the users mailing list