I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again.
I've done the usual-
- grab a chunk of the audit.log that is relevant to all the actions that would be denied.
- do 'cat audit.log | audit2allow -M amavis' to generate the module
- amavis.te looks like:

    module amavis 1.0;

    require {
            class dir { add_name getattr read remove_name search write };
            class file { create execute execute_no_trans getattr lock read rename unlink write };
            class filesystem getattr;
            class lnk_file read;
            type amavis_t;
            type fs_t;
            type mqueue_spool_t;
            type sbin_t;
            type sendmail_exec_t;
            type var_lib_t;
            role system_r;
    };

    allow amavis_t fs_t:filesystem getattr;
    allow amavis_t mqueue_spool_t:dir { add_name getattr read remove_name search write };
    allow amavis_t mqueue_spool_t:file { create getattr lock read rename unlink write };
    allow amavis_t sbin_t:lnk_file read;
    allow amavis_t sendmail_exec_t:file { execute execute_no_trans read };
    allow amavis_t var_lib_t:dir search;

- now I do 'semodule -i amavis.pp' to load the module
- but instead of working I instead get this error:

    libsepol.print_missing_requirements: amavis's global requirements were not met: type/attribute amavis_t
    libsemanage.semanage_link_sandbox: Link packages failed
    semodule: Failed!

Anyone know the next step I'm supposed to take to fix this? Previous modules I've made have just happily loaded at that point...

Cheers,
Tony
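Added example, not part of the original post: a sketch of the check behind "global requirements were not met". Every type named in a module's require block must be declared by the base policy or another loaded module. DECLARED_TYPES is a constructed stand-in for the loaded policy and the function names are hypothetical.

```python
import re

# amavis.te as posted above, embedded so the example runs offline.
AMAVIS_TE = """
module amavis 1.0;
require {
    class dir { add_name getattr read remove_name search write };
    class file { create execute execute_no_trans getattr lock read rename unlink write };
    class filesystem getattr;
    class lnk_file read;
    type amavis_t; type fs_t; type mqueue_spool_t; type sbin_t;
    type sendmail_exec_t; type var_lib_t;
    role system_r;
};
allow amavis_t fs_t:filesystem getattr;
allow amavis_t mqueue_spool_t:dir { add_name getattr read remove_name search write };
allow amavis_t mqueue_spool_t:file { create getattr lock read rename unlink write };
allow amavis_t sbin_t:lnk_file read;
allow amavis_t sendmail_exec_t:file { execute execute_no_trans read };
allow amavis_t var_lib_t:dir search;
"""

# Constructed stand-in for the types the loaded policy declares; it mirrors the
# error in the post and is not read from a real CentOS policy.
DECLARED_TYPES = {"fs_t", "mqueue_spool_t", "sbin_t", "sendmail_exec_t", "var_lib_t"}

def require_block(te_source):
    """Return the body of the require { ... } block, honouring nested braces."""
    match = re.search(r"\brequire\s*\{", te_source)
    if match is None:
        return ""
    depth = 1
    for i in range(match.end(), len(te_source)):
        depth += {"{": 1, "}": -1}.get(te_source[i], 0)
        if depth == 0:
            return te_source[match.end():i]
    raise ValueError("unterminated require block")

def required_types(te_source):
    """Types the module expects some other policy package to declare."""
    return set(re.findall(r"\btype\s+(\w+)\s*;", require_block(te_source)))

def unmet_requirements(te_source, declared_types):
    """Required types that nothing declares: what the linker reports as unmet."""
    return sorted(required_types(te_source) - set(declared_types))

if __name__ == "__main__":
    print("unmet:", unmet_requirements(AMAVIS_TE, DECLARED_TYPES))
```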