On Wed, Apr 4, 2018 at 6:19 AM, Lukas Vrabec lvrabec@redhat.com wrote:
On 04/02/2018 07:20 PM, leam hall wrote:
On Fri, Mar 30, 2018 at 5:18 PM, Simon Sekidde ssekidde@redhat.com wrote:
Leam,
This rule should already exist in the current policy to suppress the alerts
dontaudit postfix_domain kernel_t : system module_request ;
Didn't see it. Stock and patched RHEL 6.
This could be kernel bug. We had a discussion about it: https://github.com/fedora-selinux/selinux-policy/commit/2c13be1fb543c5193578...
But if you're running RHEL6, the bug shouldn't be there. If you're still see these AVCs please dontaudit it like it's mentioned in email from Simon.
Lukas.
Not sure we want to hide the denial. Doesn't that mean SELinux is preventing Postfix from doing something it thinks it should do? Wouldn't allowing it be better, assuming Postfix is supposed to do whatever?
Or do I not understand?
Leam