Selinux with New kickstart install on Centos minimal
Posted: 29 Feb 2020 15:35
Just did a new efa kickstart install on Centos-minimal. Can confirm the razor issues are gone 
On the ' old' efa4 there was spamassassin-3.4.4.rc1, on the new efa4 is spamassassin-3.4.4
The new efa is just a test to check. There are only 3 mails present, the quarantine report and 2 [SAV-LINUX] Notice from Sophos Anti-Virus mails
I installed bacula-client as additional package.
my-newefa.te
On the ' old' efa4 there was spamassassin-3.4.4.rc1, on the new efa4 is spamassassin-3.4.4
The new efa is just a test to check. There are only 3 mails present, the quarantine report and 2 [SAV-LINUX] Notice from Sophos Anti-Virus mails
I installed bacula-client as additional package.
Code: Select all
ausearch -m 'AVC' --raw | audit2allow -M my-newefaCode: Select all
module my-newefa 1.0;
require {
type mscan_t;
type admin_home_t;
type bacula_var_run_t;
type usr_t;
type spamd_update_t;
type httpd_sys_script_t;
type dovecot_auth_t;
type postfix_local_t;
type bacula_t;
class sock_file write;
class dir { add_name getattr write };
}
#============= bacula_t ==============
allow bacula_t bacula_var_run_t:dir write;
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t bacula_t:dir getattr;
allow httpd_sys_script_t dovecot_auth_t:dir getattr;
allow httpd_sys_script_t postfix_local_t:dir getattr;
#!!!! WARNING: 'usr_t' is a base type.
allow httpd_sys_script_t usr_t:sock_file write;
#============= mscan_t ==============
#!!!! This avc is allowed in the current policy
allow mscan_t usr_t:sock_file write;
#============= spamd_update_t ==============
allow spamd_update_t admin_home_t:dir add_name;