Displaying 7 results from an estimated 7 matches for "myservice_policy".
2017 Apr 25
5
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...how do I determine what is currently in
> place and how do I add your stuff (changing postgresql with mysql, nat.)
>
> thanks
Quick'n'(really) dirty SELinux howto:
1) Run the service. fails due to missing selinux policy.
2) grep service_pattern /var/log/audit/audit.log | audit2allow -M myservice_policy
3) do what output says. (semodule -i myservice_policy.pp normally)
4) goto 1. That way, you'll create and allow step by step necessary
rights so your service ends up running normally.
The content I gave you is from mydovecot.te (human readable version
of .pp created by audit2allow).
After a quick...
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...how do I add your stuff (changing postgresql with mysql, nat.)
> >>
> >> thanks
> > Quick'n'(really) dirty SELinux howto:
> > 1) Run the service. fails due to missing selinux policy.
> > 2) grep service_pattern /var/log/audit/audit.log | audit2allow -M
> > myservice_policy
>
> Do you really mean 'service_pattern', or is this a placeholder for
> something like mysql?
>
> As I get 'Nothing to do'
placeholder which changes according to your needs.
--
Laurent Wandrebeck <l.wandrebeck at quelquesmots.fr>
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...stuff (changing postgresql with mysql, nat.)
>>>>
>>>> thanks
>>> Quick'n'(really) dirty SELinux howto:
>>> 1) Run the service. fails due to missing selinux policy.
>>> 2) grep service_pattern /var/log/audit/audit.log | audit2allow -M
>>> myservice_policy
>> Do you really mean 'service_pattern', or is this a placeholder for
>> something like mysql?
>>
>> As I get 'Nothing to do'
> placeholder which changes according to your needs.
I just made it worse. I put in mysql for myservice_policy, got a /pp
and di...
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...urrently in
>> place and how do I add your stuff (changing postgresql with mysql, nat.)
>>
>> thanks
> Quick'n'(really) dirty SELinux howto:
> 1) Run the service. fails due to missing selinux policy.
> 2) grep service_pattern /var/log/audit/audit.log | audit2allow -M
> myservice_policy
Do you really mean 'service_pattern', or is this a placeholder for
something like mysql?
As I get 'Nothing to do'
> 3) do what output says. (semodule -i myservice_policy.pp normally)
> 4) goto 1. That way, you'll create and allow step by step necessary
> rights so your...
2017 Apr 25
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick'n'(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the
> existing policy
> 4: copy and paste the
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On Tuesday 25 April 2017 at 10:04 +0200, Robert Moskowitz wrote:
> I thought I had this fixed, but I do not. I was away from this problem
> working on other matters, and came back (after a reboot) and it is still
> there, so I suspect when I thought I had it 'fixed' I was running with
> setenforce 0 from another problem (that is fixed).
>
> So anyone know how to get
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...the output from the terminal used for #2 into
> "audit2allow -M <modulename>"
> 5: setenforce enforcing
>
> This process is less iterative, which can save a *lot* of time
> building some policies.
This made the same content as before that caused problems:
module myservice_policy 1.0;

require {
	type dovecot_t;
	type mysqld_etc_t;
	type mysqld_t;
	class unix_stream_socket connectto;
	class file { getattr open read };
	class dir read;
}

#============= dovecot_t ==============
allow dovecot_t mysqld_etc_t:dir read;
allow dovecot_t mysqld_etc_t:file {...