aduitd failing to start
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 20 20:28:37 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pad Hosmane wrote:
>
>> Can I know why email option is not working?
>
> The email option should work assuming that SE Linux policy allows it. I
> just checked the source code. If the email address has a '@' symbol,
> auditd calls gethostbyname to make sure that you don't have a typo in
> the email address and it can't send an email when it needs to. Since SE
> Linux policy fails that, it rejects that address and then in turn fails
> the startup to let you know that you have something wrong in the
> configuration.
>
> There's possibly a workaround where you use a local alias that
> sendmail/postfix resolves into your real email address. This way you do
> not need an email address with a '@' in it. This should be temporary
> until policy is fixed.
>
> Also, when it does come time for auditd to send its first email, we
> still need a transition from auditd to a mta domain. Auditd calls
> /usr/lib/sendmail if that matters to anyone.
>
> -Steve
>
>
> Hi Steve,
> Thanks a lot for all the help. I truly appreciate your help and all
> others who helped me to resolve the issue.
>
> Thanks.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Current audit policy allows the transition to an mta
(mta_send_mail(auditd_t)
It did not however allow the communications with dns, as you stated.
Fixes in
selinux-policy-2.4.6-126.el5
selinux-policy-3.0.8-95.fc8
selinux-policy-3.3.1-22.fc9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfiyPUACgkQrlYvE4MpobPejgCfe+GB7VG9gT639fFLesl0bBht
v6MAn2FyU5be/TXTQrHJ4TcqjBQIv6pV
=bh9N
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list