On 04/02/2018 07:20 PM, leam hall wrote:
On Fri, Mar 30, 2018 at 5:18 PM, Simon Sekidde ssekidde@redhat.com wrote:
Leam,
This rule should already exist in the current policy to suppress the alerts
dontaudit postfix_domain kernel_t : system module_request ;
Didn't see it. Stock and patched RHEL 6.
This could be kernel bug. We had a discussion about it: https://github.com/fedora-selinux/selinux-policy/commit/2c13be1fb543c5193578...
But if you're running RHEL6, the bug shouldn't be there. If you're still see these AVCs please dontaudit it like it's mentioned in email from Simon.
Lukas.
If you are not using IPv6 then make Postfix use IPv4 only by setting the line 'inet_protocols' to ipv4 in /etc/postfix/main.cf
# Enable IPv4, and IPv6 if supported inet_protocols = all
Made this change, thanks! Will see if it prevents alerts.
Leam _______________________________________________ selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org