Hi Tony,
I already tried to run SELinux in permissive mode and it works as
expected, but when I enforce it, the program reports that error and there
are no AVC denials.
On 02/12/22 12:04, Tony Albers wrote:
Hello,
First, try setting SELinux in permissive mode globally to see if that changes
anything:
root@host:# setenforce 0
Then run your program and let it do what it wants to do. If you still get
errors, then SELinux is not the issue (at least not the whole issue).
HTH
/tony
On Fri, 2 Dec 2022 11:24:53 +0100
Alessandro Baggi <[email protected]> wrote:
Hi,
I'm running AlmaLinux 9.1 on a VM to play with SELinux and trying to
create a custom policy for an app. This app is written in Python and
waits for files to be processed (uploaded via sftp from another host). It
reads data from these files and then saves it to a PostgreSQL DB. If
something is wrong with the data, it will send an email.
I followed this:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux
When generating a custom policy, a permissive line is inserted in the policy:
permissive example_t;
which, if I'm not wrong, means that even if denials are found, the policy
runs as permissive.
After commenting out this line and reloading the policy, my program does not
work anymore and I receive this error:
psycopg2.connect(127.0.0.1): could not receive data from server:
Permission denied
could not send SSL negotiation packet: Permission denied
The strange thing is that if I run:
# ausearch -m AVC -ts recent
I don't get any new AVC denials.
I also tried reading the PostgreSQL-side logs but found nothing useful.
Can someone point me in the right direction?
Thank you in advance.
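
Added example, not part of the thread: while `permissive example_t;` is still in the module, the kernel logs each denial with `permissive=1` instead of enforcing it, so the audit log can be summarised per source domain before that line is removed. The sample records are constructed, and the target types and paths in them are assumptions, not values from the poster's system.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1669976693.101:410): avc:  denied  { name_connect } for  pid=2211 comm="python3" dest=5432 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1669976693.105:411): avc:  denied  { read write } for  pid=2211 comm="python3" path="/srv/incoming/a.csv" dev="dm-0" ino=77 scontext=system_u:system_r:example_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1669976700.200:415): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/tmp/x" dev="dm-0" ino=9 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1669976700.200:415): arch=c000003e syscall=262 success=no exit=-13
"""

AVC_RE = re.compile(r"^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    # An SELinux context is user:role:type[:level]; the type is the third field.
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def parse_avc(line):
    """Return a dict for an AVC denial record, or None for any other line."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "source": context_type(fields["scontext"]),
        "target": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "permissive": fields.get("permissive") == "1",
    }

def denials_for_domain(log_text, domain):
    """Group denied permissions by (target type, class, permissive) for one domain."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["source"] == domain:
            key = (rec["target"], rec["tclass"], rec["permissive"])
            grouped[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}

if __name__ == "__main__":
    for key, perms in sorted(denials_for_domain(SAMPLE_LOG, "example_t").items()):
        print(key, perms)
```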