Displaying 9 results from an estimated 9 matches for "amavis_t".
2007 Jul 19
1
semodule - global requirements not met
...ule
- amavis.te looks like:
module amavis 1.0;
require {
class dir { add_name getattr read remove_name search write };
class file { create execute execute_no_trans getattr lock read
rename unlink write };
class filesystem getattr;
class lnk_file read;
type amavis_t;
type fs_t;
type mqueue_spool_t;
type sbin_t;
type sendmail_exec_t;
type var_lib_t;
role system_r;
};
allow amavis_t fs_t:filesystem getattr;
allow amavis_t mqueue_spool_t:dir { add_name getattr read remove_name
search write };
allow amavis_t mqueue_...
2014 Dec 05
2
Postfix avc (SELinux)
...or is there some boolean setting
>> needed to handle this? I could not find one if there is but. . .
>>
> Anyone see any problem with generating a custom policy consisting of the
> following?
>
> grep avc /var/log/audit/audit.log | audit2allow
>
>
> #============= amavis_t ==============
> allow amavis_t shell_exec_t:file execute;
> allow amavis_t sysfs_t:dir search;
>
> #============= clamscan_t ==============
> allow clamscan_t amavis_spool_t:dir read;
In the latest rhel6 policies amavis_t and clamscan_t have been merged
into antivirus_t? Is your sel...
2008 Aug 26
3
Amavisd Howto
...wiki.centos.org/HowTos/SELinux
Also, SELinux with respect to the amavisd guide was recently discussed
on the mailing list here:
http://lists.centos.org/pipermail/centos/2008-August/062296.html
Quoting from that post:
module local 1.0;
require {
type traceroute_port_t;
type amavis_t;
type postfix_spool_t;
type clamd_t;
type amavis_var_lib_t;
type sysctl_kernel_t;
type var_t;
type postfix_smtpd_t;
type initrc_t;
type proc_t;
class unix_stream_socket connectto;
class file { read g...
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOS-6
virtual guest:
----
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=2784 comm="trivial-rewrite"
2014 Dec 04
0
Postfix avc (SELinux)
...SELinux. Do I just build a local policy or is there some boolean setting
> needed to handle this? I could not find one if there is but. . .
>
Anyone see any problem with generating a custom policy consisting of the
following?
grep avc /var/log/audit/audit.log | audit2allow
#============= amavis_t ==============
allow amavis_t shell_exec_t:file execute;
allow amavis_t sysfs_t:dir search;
#============= clamscan_t ==============
allow clamscan_t amavis_spool_t:dir read;
#============= logwatch_mail_t ==============
allow logwatch_mail_t usr_t:lnk_file read;
#============= postfix_master_t...
2014 Dec 05
0
Postfix avc (SELinux)
...>>> needed to handle this? I could not find one if there is but. . .
>>>
>> Anyone see any problem with generating a custom policy consisting of the
>> following?
>>
>> grep avc /var/log/audit/audit.log | audit2allow
>>
>>
>> #============= amavis_t ==============
>> allow amavis_t shell_exec_t:file execute;
>> allow amavis_t sysfs_t:dir search;
>>
>> #============= clamscan_t ==============
>> allow clamscan_t amavis_spool_t:dir read;
> In the latest rhel6 policies amavis_t and clamscan_t have been merged
>...
2014 Dec 12
0
More avc's wrt to email
...ix? Since the most recent update of clamav I seem to be detecting
more avc's. It may be that it is because I am looking for them more
frequently but it seems to me that something has happened external to my
control.
The most recent things I see are these:
audit2allow -l -a
#============= amavis_t ==============
allow amavis_t sysfs_t:dir read;
allow amavis_t sysfs_t:file open;
#============= clamscan_t ==============
#!!!! The source type 'clamscan_t' can write to a 'dir' of the following types:
# clamscan_tmp_t, clamd_var_lib_t, tmp_t, root_t
allow clamscan_t amavis_spool...
2014 Dec 11
0
CentOS-6 Another email related AVC
...a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep amavisd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
[root at inet18 ~ (master #)]# grep amavisd /var/log/audit/audit.log | audit2allow
#============= amavis_t ==============
allow amavis_t shell_exec_t:file { read open };
allow amavis_t sysfs_t:file read;
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive...
2015 Oct 27
0
CentOS-6.6 SELinux questions
...along with
providing a backup for our Mailman mailing lists. It also has a slave
named service.
While tracking down a separate problem I discovered these avc
anomalies and ran audit2allow to see what was required to eliminate
them. All the software is either from CentOS or EPEL.
#============= amavis_t ==============
allow amavis_t sysfs_t:dir open;
#============= clamd_t ==============
allow clamd_t sysctl_vm_t:dir search;
#============= mailman_mail_t ==============
#!!!! The source type 'mailman_mail_t' can write to a 'dir' of the
following types:
# mailman_log_t, mailman_dat...