On Fri, 28 Apr 2017, Gordon Messmer wrote:

On 04/28/2017 12:06 AM, Robert Moskowitz wrote:

 Here are the messages I got:

 type=AVC msg=audit(1493361695.041:49205): avc:  denied  { rlimitinh } for
 pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0
 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process
 permissive=1


My advice would be to slow down, and solve one problem at a time. We were talking about testing dovecot, and now you're testing postfix. I know you need them both to work, but these are separate services, with their own individual policies. If you're going to submit a bug report, you need to be able to specifically describe the problem and the solution. You're not going to do that by mixing different services together.

 sendmail -i test...@test.htt-consult.com <
 /usr/share/doc/amavisd-new-2.10.1/test-messages/README

 It failed accessing mysql with the following maillog messages:

Yes, but the policy you added earlier only granted MySQL access to dovecot. For postfix, you'll want to check for booleans first and then create a policy (without debugging AVCs) if no boolean exists, and then look at debugging AVCs if there are still issues (which is *almost* never the case).


 When I get home Monday, I am going to rebuild the server.

That would be good. Keep a log of *all* of the changes you make to the system, from the very beginning. Once you resolve the problem, rebuild the server again and follow your log.

+1 to what Gordon said. It is the only way you are going to figure it out.

You could use something like Ansible so that you can rebuild the server the
same way in about 20 minutes. Yes, it takes time to get Ansible or something
similar to work but once you do, you can build the same thing as many times
as you need and they are always the same.

Just a thought.

Regards,

--
Tom                     m...@tdiehl.org         Spamtrap address                
        me...@tdiehl.org
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Reply via email to