Hi Alessandro,

Ok, then you should try to tail /var/log/audit/audit.log to see what happens in there. Your ausearch command might have the wrong flags set and therefore does not show you the errors. You might want to try 'ausearch -m ALL -ts recent' too.

HTH

/tony

On Fri, 2 Dec 2022 12:18:46 +0100
Alessandro Baggi <[email protected]> wrote:

> Hi Tony,
>
> I already tried to run SELinux in permissive mode and it works as
> expected but when I enforce it, the program reports that error and there
> are no AVC denials.
>
> On 02/12/22 12:04, Tony Albers wrote:
> > Hello,
> >
> > First, try setting SELinux in permissive mode globally to see if that
> > changes anything:
> >
> > root@host:# setenforce 0
> >
> > Then run your program and let it do what it wants to do. If you still get
> > errors, then SELinux is not the issue (at least not the whole issue).
> >
> > HTH
> >
> > /tony
> >
> > On Fri, 2 Dec 2022 11:24:53 +0100
> > Alessandro Baggi <[email protected]> wrote:
> >
> >> Hi,
> >>
> >> I'm running AlmaLinux 9.1 on a VM to play with SELinux and trying to
> >> create a custom policy for an app. This app is written in Python and
> >> waits for files to be processed (uploaded via sftp from another host). It
> >> reads data from this file and then saves them to a PostgreSQL DB. If
> >> something is wrong with the data, it will send an email.
> >>
> >> I followed this:
> >>
> >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux
> >>
> >> When generating a custom policy, a permissive line is inserted in the policy:
> >>
> >> permissive example_t;
> >>
> >> that, if I'm not wrong, means that even if denials are found it runs the
> >> policy as permissive.
> >>
> >> After commenting out this line and reloading the policy, my program does
> >> not work anymore and I receive this error:
> >>
> >> psycopg2.connect(127.0.0.1): could not receive data from server:
> >> Permission denied
> >> could not send SSL negotiation packet: Permission denied
> >>
> >>
> >> The strange thing is that if I run:
> >>
> >> # ausearch -m AVC -ts recent
> >>
> >> I don't receive new denied AVC.
> >>
> >> I also tried to read the PostgreSQL side logs but found nothing useful.
> >>
> >> Can someone point me in the right direction?
> >>
> >> Thank you in advance.
> >>
> >> _______________________________________________
> >> AlmaLinux Users mailing list -- [email protected]
> >> To unsubscribe send an email to [email protected]

-- 
Tony Albers <[email protected]>
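
An added example, not part of the thread: a small triage script for the advice above to look at the raw audit log instead of filtering on `-m AVC` only. It counts records per `type=` and prints the SELinux-related record types that an AVC-only filter does not select; the log lines are constructed samples and `example_exec_t` is a made-up type name.

```bash
#!/usr/bin/env bash
# Added example: constructed records in audit.log format (not from the thread).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1669979926.120:455): avc:  denied  { read } for  pid=2101 comm="python3" name="input.csv" scontext=system_u:system_r:example_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1669979927.004:456): pid=1 uid=0 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=1000 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service permissive=0'
type=SELINUX_ERR msg=audit(1669979928.310:457): op=security_compute_sid invalid_context="system_u:system_r:example_t:s0" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:example_exec_t:s0 tclass=process
type=SERVICE_START msg=audit(1669979929.000:458): pid=1 uid=0 msg='unit=example comm="systemd" res=success'
EOF
}

# Count records per record type (the value of the leading type= field).
count_by_type() {
  awk '{ split($1, kv, "="); if (kv[1] == "type") n[kv[2]]++ }
       END { for (t in n) print n[t], t }' | sort -k2
}

# Print SELinux-related records whose type is not AVC, i.e. the ones that
# 'ausearch -m AVC' leaves out but
# 'ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent' includes.
selinux_non_avc() {
  awk '$1 ~ /^type=(USER_AVC|SELINUX_ERR|USER_SELINUX_ERR)$/'
}

# Runs on the sample; on a real host, feed /var/log/audit/audit.log on stdin
# to the two functions instead of sample_log.
sample_log | count_by_type
echo "--- SELinux records not selected by '-m AVC':"
sample_log | selinux_non_avc
```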
