Hello, First, try setting SELinux in permissive mode globally to see if that changes anything:
root@host:# setenforce 0 The run your program and let it do what it wants to do. If you still get errors, then SELinux is not the issue(at least not the whole issue). HTH /tony On Fri, 2 Dec 2022 11:24:53 +0100 Alessandro Baggi <[email protected]> wrote: > Hi, > > I'm running AlmaLinux 9.1 on VM to play with SELinux and trying to > create a custom policy for an app. This app is written in Python and > wait files to be processed (uploaded via sftp from another host). It > read data from this file and then save them on postgresql DB. If > something is wrong with the data, it will send an email. > > I followed this: > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux > > Generating a custom policy, a permissive line is inserted in the policy: > > permissive example_t; > > that, if I'm not wrong, also if denials are found it runs the policy as > permissive. > > Commenting this line and reload the policy my program does not work > anymore and I receive this error: > > psycopg2.connect(127.0.0.1): could not receive data from server: > Permission denied > could not send SSL negotiation packet: Permission denied > > > The strange thing is that if I run: > > # ausearch -m AVC -ts recent > > I don't receive new denied AVC. > > I tried also to read PostgreSQL side logs but nothing useful. > > Can someone point me in the right direction? > > Thank you in advance. > > _______________________________________________ > AlmaLinux Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] -- Tony Albers <[email protected]>
