On 11/22/2010 02:07 PM, Vadym Chepkov wrote:
Hi,
I just upgraded to Fedora 14 and got a significant amount of all sorts of denials. I thought maybe some relabeling went wrong, so I did it manually, just in case, but it didn't help much; there are still lots of issues. I tried to post the raw audit log, but it got bounced from the mailing list with "message too big".
Anyway, here is what audit2allow -R suggests:
#============= chkpwd_t ==============
allow chkpwd_t self:capability sys_nice;
allow chkpwd_t self:process setsched;
files_list_tmp(chkpwd_t)
files_read_usr_symlinks(chkpwd_t)

#============= dovecot_auth_t ==============
allow dovecot_auth_t self:capability sys_nice;
allow dovecot_auth_t self:process setsched;

#============= dovecot_t ==============
allow dovecot_t self:capability sys_nice;
files_read_usr_symlinks(dovecot_t)

#============= nscd_t ==============
files_list_tmp(nscd_t)
files_read_usr_symlinks(nscd_t)

#============= saslauthd_t ==============
allow saslauthd_t self:capability sys_nice;
allow saslauthd_t self:process setsched;
files_read_usr_symlinks(saslauthd_t)

#============= spamd_t ==============
allow spamd_t admin_home_t:file { read ioctl open getattr append }; # spammers send e-mails to root@, spamd needs to create working files in /root/
allow spamd_t self:capability sys_nice;
kernel_list_unlabeled(spamd_t) # razor and pyzor contexts gone
kernel_read_unlabeled_state(spamd_t) # same
userdom_read_user_home_content_files(spamd_t) # changed boolean spamd_enable_home_dirs
Thanks, Vadym
Vadym, are you still getting all these AVC messages?
Some of these issues are known and some of these issues should be fixed in the latest SELinux policy.