Re: selinux preventing access to directory net

2017-07-17 Thread Maarten
The process exim running with the selinux context exim_t is trying to access the directory /proc/net which has the selinux context sysctl_net_t. Causing selinux to block access to directory, because the source context is different from the destination context. Redhat has a package that update

Re: selinux preventing access to directory net

2017-07-17 Thread Stephen Isard
On Mon, 17 Jul 2017 21:33:29 +0200, Maarten wrote:
>Well, is exim able to do what it is supposed to do as an
>mta (transfer/transport mail) with selinux blocking this? If not you
>could create a custom selinux policy for it. If it is able to do what it is
>supposed to and you aren't running into any un

Re: selinux preventing access to directory net

2017-07-17 Thread Maarten
Well, is exim able to do what it is supposed to do as an mta (transfer/transport mail) with selinux blocking this? If not you could create a custom selinux policy for it. If it is able to do what it is supposed to and you aren't running into any unwanted results you can just leave it. I got selinux block

Re: selinux preventing access to directory net

2017-07-17 Thread Stephen Isard
On Mon, 17 Jul 2017 20:22:05 +0200, Maarten wrote:
>You could use audit to allow to see what you need to allow it:
>
>cat /var/log/audit/audit.log | audit2allow.
Thanks, that helps. The log entry recommends ausearch -c 'exim' --raw |audit2allow, so I've tried that and got libsepol.sepol_string

Re: selinux preventing access to directory net

2017-07-17 Thread Maarten
I think he maybe meant audit2allow? Which you would need this package for: policycoreutils-python
On 07/17/2017 08:39 PM, Stephen Isard wrote:
> Thanks, but I can't find audit2text in the sl7 or epel repositories.
> "yum search audit2text" and "yum provides '*/audit2text'" both come up
> blank.

Re: selinux preventing access to directory net

2017-07-17 Thread Stephen Isard
Thanks, but I can't find audit2text in the sl7 or epel repositories. "yum search audit2text" and "yum provides '*/audit2text'" both come up blank. Can you tell me where to get it?
On Mon, 17 Jul 2017, Paul Robert Marino prmarino1-at-gmail.com |Scientific Linux| wrote:
It looks like you may

Re: selinux preventing access to directory net

2017-07-17 Thread Maarten
You could use audit to allow to see what you need to allow it: cat /var/log/audit/audit.log | audit2allow. This output may advise you to enable a certain boolean instead of creating your own policy or changing the selinux context on a certain dir structure. And then create your own selinux policy

Re: selinux preventing access to directory net

2017-07-17 Thread Paul Robert Marino
It looks like you may be right that it's /proc/net. Have you tried using the python audit tools such as audit2text to analyze them? They can make it a lot easier to understand what's going on, though they usually don't tell you if there is a bool you can flip to fix it. That tool still needs to

selinux preventing access to directory net

2017-07-17 Thread Stephen Isard
On two SL7.3 systems where I have set exim as my mta alternative, I am getting a lot of entries in /var/log/messages saying "SELinux is preventing /usr/bin/exim from search access on the directory net", with the usual accompanying "if you believe that exim should be allowed..." stuff, but the l