logwatch error messages
Robert Moskowitz
rgm at htt-consult.com
Thu Jan 23 18:54:04 UTC 2014
On 01/23/2014 08:38 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/22/2014 11:07 PM, Robert Moskowitz wrote:
>> I am seeing the following errors via "journalctl |grep logwatch":
>>
>> I had performed the following selinux policy:
>>
>> On 01/06/2014 08:14 AM, Daniel J Walsh wrote:
>>> Create a file mylogwatch.te with the following content.
>>>
>>> policy_module(mylogwatch, 1.0) gen_require(` type logwatch_mail_t; ')
>>>
>>> mta_filetrans_admin_home_content(logwatch_mail_t)
>>>
>>> Now execute this command to compile the policy and load it into the
>>> kernel
>>>
>>> # make -f /usr/share/selinux/devel/Makefile # semodule -i mylogwatch.pp
>>>
>>> Now you should be allowed to run logwatch_mail_t in enforcing mode.
>>>
>> What do these messages mean?
>>
>>
> They mean that logwatch is not allowed to execute the procmail program.
>
> You could add policy for it.
Obvious. hindsight is just great!
> procmail_domtrans(logwatch_t)
I am looking at what you gave me before:
#cat mylogwatch.te
policy_module(mylogwatch, 1.0)
gen_require(`
type logwatch_mail_t;
')
mta_filetrans_admin_home_content(logwatch_mail_t)
--------------------
Would mylogwprocmail.te contain:
policy_module(mylogwprocmail, 1.0)
gen_require(`
type logwatch_t;
')
procmail_domtrans(logwatch_t)
???????????????????
More information about the users
mailing list