Selinux with New kickstart install on Centos minimal

henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands

Selinux with New kickstart install on Centos minimal

Post by henk »

Just did a new efa kickstart install on Centos-minimal. Can confirm the razor issues are gone :clap:

On the 'old' efa4 there was spamassassin-3.4.4.rc1, on the new efa4 is spamassassin-3.4.4.

The new efa is just a test to check. There are only 3 mails present, the quarantine report and 2 [SAV-LINUX] Notice from Sophos Anti-Virus mails
I installed bacula-client as additional package.

Code:

ausearch -m 'AVC' --raw | audit2allow -M my-newefa
my-newefa.te

Code:

module my-newefa 1.0;

require {
        type mscan_t;
        type admin_home_t;
        type bacula_var_run_t;
        type usr_t;
        type spamd_update_t;
        type httpd_sys_script_t;
        type dovecot_auth_t;
        type postfix_local_t;
        type bacula_t;
        class sock_file write;
        class dir { add_name getattr write };
}

#============= bacula_t ==============
allow bacula_t bacula_var_run_t:dir write;

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t bacula_t:dir getattr;
allow httpd_sys_script_t dovecot_auth_t:dir getattr;
allow httpd_sys_script_t postfix_local_t:dir getattr;

#!!!! WARNING: 'usr_t' is a base type.
allow httpd_sys_script_t usr_t:sock_file write;

#============= mscan_t ==============

#!!!! This avc is allowed in the current policy
allow mscan_t usr_t:sock_file write;

#============= spamd_update_t ==============
allow spamd_update_t admin_home_t:dir add_name;

“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
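
One way to triage audit2allow output like the module posted above before building and loading it, as an added example that is not part of the original post or of eFa's own code: it reads the `#!!!!` annotations audit2allow writes and sorts each allow rule by them. `SAMPLE_TE` is a constructed subset of the posted rules; the function names and the verdict labels (`drop`, `review`, `candidate`) are assumptions made for this sketch.

```python
import re

# Constructed sample: a subset of the audit2allow output posted above.
SAMPLE_TE = """\
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t bacula_t:dir getattr;
#!!!! WARNING: 'usr_t' is a base type.
allow httpd_sys_script_t usr_t:sock_file write;

#============= mscan_t ==============

#!!!! This avc is allowed in the current policy
allow mscan_t usr_t:sock_file write;
#============= spamd_update_t ==============
allow spamd_update_t admin_home_t:dir add_name;
"""

ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;")

def triage(te_text):
    """Classify every allow rule in a .te file using audit2allow's own notes."""
    results, notes = [], []
    for raw in te_text.splitlines():
        line = raw.strip()
        if line.startswith("#!!!!"):
            notes.append(line[5:].strip())  # annotation applies to the next rule
            continue
        m = ALLOW_RE.match(line)
        if not m:
            continue
        src, tgt, cls, perms = m.groups()
        note, notes = " ".join(notes), []
        if "allowed in the current policy" in note:
            verdict = "drop"       # loaded policy already permits it; adds nothing
        elif "base type" in note:
            verdict = "review"     # generic target type: the rule reaches widely
        else:
            verdict = "candidate"  # no annotation; still read it before loading
        results.append({"source": src, "target": tgt, "class": cls, "note": note,
                        "perms": perms.strip("{} ").split(), "verdict": verdict})
    return results

def by_verdict(results, verdict):
    # Compact "source -> target:class" strings for one verdict.
    return [f'{r["source"]} -> {r["target"]}:{r["class"]}'
            for r in results if r["verdict"] == verdict]

if __name__ == "__main__":
    for r in triage(SAMPLE_TE):
        print(f'{r["verdict"]:9} {r["source"]} {r["target"]}:{r["class"]} {" ".join(r["perms"])}')
```
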
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Selinux with New kickstart install on Centos minimal

Post by shawniverson »

3.4.4-rc1 and 3.4.4 are the same. Just a small naming mishap in the testing repo. I should have placed the rc1 on the release and not the version.