I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've
got it working well enough that I can switch SELinux enforcing back on
again.

I've done the usual:

- grab a chunk of the audit.log that is relevant to all the actions
that would be denied.

- do 'cat audit.log | audit2allow -M amavis' to generate the module

- amavis.te looks like:

module amavis 1.0;

require {
       class dir { add_name getattr read remove_name search write };
       class file { create execute execute_no_trans getattr lock read rename unlink write };
       class filesystem getattr;
       class lnk_file read;
       type amavis_t;
       type fs_t;
       type mqueue_spool_t;
       type sbin_t;
       type sendmail_exec_t;
       type var_lib_t;
       role system_r;
};

allow amavis_t fs_t:filesystem getattr;
allow amavis_t mqueue_spool_t:dir { add_name getattr read remove_name search write };
allow amavis_t mqueue_spool_t:file { create getattr lock read rename unlink write };
allow amavis_t sbin_t:lnk_file read;
allow amavis_t sendmail_exec_t:file { execute execute_no_trans read };
allow amavis_t var_lib_t:dir search;

- now I do 'semodule -i amavis.pp' to load the module, but instead of
working I get this error:

libsepol.print_missing_requirements: amavis's global requirements were not met: type/attribute amavis_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!

Anyone know the next step I'm supposed to take to fix this? Previous
modules I've made have just happily loaded at that point...

Cheers,

Tony
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
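
The libsepol message above means a type named in the module's require block (here amavis_t) is not defined by any policy module currently loaded. As an added example that is not part of the original post, the shell functions below list such types before 'semodule -i' is attempted; the function names and the constructed policy_types.txt list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for "global requirements were not met".

# Print every type named by a "type NAME;" line inside the require { } block.
required_types() {
    awk '
        /^require[ \t]*[{]/ { in_req = 1; next }
        in_req && /^[}]/    { in_req = 0 }
        in_req && $1 == "type" { sub(/;.*/, "", $2); print $2 }
    ' "$1" | sort -u
}

# Print required types that are absent from a list of policy types
# (one name per line). On a live host that list could be derived from
# `seinfo -t` (setools); its exact output layout is an assumption here.
missing_types() {
    required_types "$1" | while read -r t; do
        grep -qxF -- "$t" "$2" || printf '%s\n' "$t"
    done
}

# Constructed demo: the type requirements from the post, checked against
# a constructed type list that deliberately lacks amavis_t.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/amavis.te" <<'EOF'
module amavis 1.0;

require {
       class filesystem getattr;
       type amavis_t;
       type fs_t;
       type mqueue_spool_t;
       type sbin_t;
       type sendmail_exec_t;
       type var_lib_t;
       role system_r;
};

allow amavis_t fs_t:filesystem getattr;
EOF
    printf '%s\n' fs_t mqueue_spool_t sbin_t sendmail_exec_t var_lib_t \
        > "$dir/policy_types.txt"
    missing_types "$dir/amavis.te" "$dir/policy_types.txt"
    rm -rf "$dir"
}

demo   # prints: amavis_t
```

An empty result means every required type is present in the supplied list, so a link failure would have to come from a class, role or attribute requirement instead.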
