search for: exim_t

...all > the trouble and the hours spent to fix the problems it creates? What > about the impact on performance? The main feature is that lots of software is indeed confined (even though your normal login or desktop remains unconfined). This is exactly what happens to exim in your case. It is exim_t not unconfined_t which means when/if it goes crazy (or is exploited) the damage can be limited. For some people it's also useful that it provides the ability to define user types (see "semanage user --list"). /Peter K

Hi, how do I allow exim access to a socket in order to be able to do local deliveries to cyrus? type=AVC msg=audit(1521179280.845:1920270): avc: denied { name_connect } for pid=319 comm="exim" dest=24 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:lmtp_port_t:s0 tclass=tcp_socket Yet again I could not find any documentation explaining how to do basic things like this :( Selinux is more like a curse than anything else :( Why is there not even a good documentation?

...hours spent to fix the problems it creates? What >> about the impact on performance? > > The main feature is that lots of software is indeed confined (even > though your normal login or desktop remains unconfined). > > This is exactly what happens to exim in your case. It is exim_t not > unconfined_t which means when/if it goes crazy (or is exploited) the > damage can be limited. which is what access rights are for > For some people it's also useful that it provides the ability to define > user types (see "semanage user --list"). How is this usefu...

On 16/03/18 18:37, Alexander Dalloz wrote: > Am 16.03.2018 um 13:09 schrieb hw: >> On 03/16/2018 12:14 PM, Richard Grainger wrote: >>>> Yet again I could not find any documentation explaining how to do basic >>>> things like this :(? Selinux is more like a curse than anything else >>>> :( Why >>>> is there not even a good documentation?