Problem with SELinux and Postfix (sending from Python scripts)
Daniel J Walsh
dwalsh at redhat.com
Wed May 3 17:27:01 UTC 2006
Jeff Coffler wrote:
>>> Is this an SELinux policy problem? How can I go about fixing this?
>>> I'd prefer to run with SELinux enabled ...
>>>
>> # grep postfix_spool /var/log/message | audit2allow -M postfixpickup
>> # semodule -i postfixpickup.pp
>>
>> Will fix it for now.
>>
>> I will update policy to allow searching of this directory
>
> Hmm, this didn't work ...
>
> [root jeff]# grep postfix_spool /var/log/messages | audit2allow -M
> postfixpickup
> Generating type enforcment file: postfixpickup.te
> Compiling policy
> checkmodule -M -m -o postfixpickup.mod postfixpickup.te
> semodule_package -o postfixpickup.pp -m postfixpickup.mod
>
> ******************** IMPORTANT ***********************
>
> In order to load this newly created policy package into the kernel,
> you are required to execute
>
> semodule -i postfixpickup.pp
>
>
> [root jeff]# semodule -i postfixpickup.pp
> slimserver homedir /usr/local/slimserver or its parent directory
> conflicts with a
> defined context in /etc/selinux/targeted/contexts/files/file_contexts,
> /usr/sbin/genhomedircon will not create a new context.
> [root jeff]# grep -i slim
> /etc/selinux/targeted/contexts/files/file_contexts
> [root jeff]#
>
> I'm not sure why it's complaining about slimserver since there's no
> "slim" in that file. I could deinstall that to do the semodule
> command, then reinstall. Or I could wait until you guys push out the
> next SELinux policy, then enable SELinux.
>
> Suggestions?
>
> Thanks!
>
> -- Jeff
Is there a password entry for slimserver? If yes make sure it has a
shell of /sbin/nologin or /bin/false. Then you can run genhomedircon
More information about the fedora-selinux-list
mailing list