Displaying 5 results from an estimated 5 matches for "shell_exec_t".
Did you mean:
shell_exec
2014 Dec 05
2
Postfix avc (SELinux)
...eeded to handle this? I could not find one if there is but. . .
>>
> Anyone see any problem with generating a custom policy consisting of the
> following?
>
> grep avc /var/log/audit/audit.log | audit2allow
>
>
> #============= amavis_t ==============
> allow amavis_t shell_exec_t:file execute;
> allow amavis_t sysfs_t:dir search;
>
> #============= clamscan_t ==============
> allow clamscan_t amavis_spool_t:dir read;
In the latest rhel6 policies amavas_t and clamscan_t have been merged
into antivirus_t? Is you selinux-policy up 2 date?
> #============= logwa...
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6
virtual guest:
----
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=2784 comm="trivial-rewrite"
2014 Dec 04
0
Postfix avc (SELinux)
...or is there some boolean setting
> needed to handle this? I could not find one if there is but. . .
>
Anyone see any problem with generating a custom policy consisting of the
following?
grep avc /var/log/audit/audit.log | audit2allow
#============= amavis_t ==============
allow amavis_t shell_exec_t:file execute;
allow amavis_t sysfs_t:dir search;
#============= clamscan_t ==============
allow clamscan_t amavis_spool_t:dir read;
#============= logwatch_mail_t ==============
allow logwatch_mail_t usr_t:lnk_file read;
#============= postfix_master_t ==============
allow postfix_master_t tmp_t...
2014 Dec 05
0
Postfix avc (SELinux)
...ind one if there is but. . .
>>>
>> Anyone see any problem with generating a custom policy consisting of the
>> following?
>>
>> grep avc /var/log/audit/audit.log | audit2allow
>>
>>
>> #============= amavis_t ==============
>> allow amavis_t shell_exec_t:file execute;
>> allow amavis_t sysfs_t:dir search;
>>
>> #============= clamscan_t ==============
>> allow clamscan_t amavis_spool_t:dir read;
> In the latest rhel6 policies amavas_t and clamscan_t have been merged
> into antivirus_t? Is you selinux-policy up 2 date?...
2014 Dec 11
0
CentOS-6 Another email related AVC
...module to allow this access.
Do
allow this access for now by executing:
# grep amavisd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
[root at inet18 ~ (master #)]# grep amavisd /var/log/audit/audit.log | audit2allow
#============= amavis_t ==============
allow amavis_t shell_exec_t:file { read open };
allow amavis_t sysfs_t:file read;
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton,...