Scenario: Rebuilt server, fresh F8 install, then yum update.
Below follows myexim01.te. Original AVC(s) can be included if necessary.
======================================================
module myexim01 1.0;

require {
    type system_crond_t;
    type system_mail_t;
    type system_crond_var_run_t;
    type audisp_t;
    type system_mail_tmp_t;
    type exim_t;
    class capability sys_nice;
    class fifo_file getattr;
    class file { read append };
}

#============= audisp_t ==============
allow audisp_t self:capability sys_nice;

#============= exim_t ==============
allow exim_t system_crond_t:fifo_file getattr;
allow exim_t system_mail_tmp_t:file read;

#============= system_mail_t ==============
allow system_mail_t system_crond_var_run_t:file append;
=========================================================
Frank
Frank Murphy wrote:
Scenario: Rebuilt server, fresh F8 install, then yum update.
Below follows myexim01.te. Original AVC(s) can be included if necessary.
======================================================
module myexim01 1.0;

require {
    type system_crond_t;
    type system_mail_t;
    type system_crond_var_run_t;
    type audisp_t;
    type system_mail_tmp_t;
    type exim_t;
    class capability sys_nice;
    class fifo_file getattr;
    class file { read append };
}

#============= audisp_t ==============
allow audisp_t self:capability sys_nice;

#============= exim_t ==============
allow exim_t system_crond_t:fifo_file getattr;
allow exim_t system_mail_tmp_t:file read;

#============= system_mail_t ==============
allow system_mail_t system_crond_var_run_t:file append;
=========================================================
Frank
Yes these look fine.
Just FYI, I found that I needed the following additional bits in order to get exim and spamassassin working without spewing AVCs on F9:
module local 1.0;

require {
    type exim_spool_t;
    type spamd_t;
    type exim_t;
    class dir { write search read remove_name create getattr add_name };
    class file { rename setattr read create ioctl write getattr link unlink append };
}

#============= spamd_t ==============
allow spamd_t exim_spool_t:dir { write search read remove_name create getattr add_name };
allow spamd_t exim_spool_t:file { rename setattr read create getattr write ioctl link unlink append };
- J<
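
An added example, not part of the thread or of either poster's policy: a small Python check that every type, class and permission used by a module's allow rules is declared in its require block, which is easy to get wrong when hand-merging local modules like the two posted above. It assumes audit2allow-style source (one source and one target type per rule, no attribute sets or macros); `parse_te` and `undeclared` are hypothetical helper names.

```python
import re

def parse_te(text):
    """Parse an audit2allow-style .te module into (types, classes, rules)."""
    text = re.sub(r"#.*", "", text)  # drop comments
    types, classes, rules, stmt = set(), {}, [], []
    for tok in re.findall(r"[{};:]|[^\s{};:]+", text):
        if tok in ("{", "}", "require"):  # grouping tokens carry no names
            continue
        if tok != ";":
            stmt.append(tok)
            continue
        if stmt[:1] == ["type"]:
            types.add(stmt[1])
        elif stmt[:1] == ["class"]:
            classes.setdefault(stmt[1], set()).update(stmt[2:])
        elif stmt[:1] == ["allow"] and stmt[3:4] == [":"]:
            rules.append((stmt[1], stmt[2], stmt[4], set(stmt[5:])))
        stmt = []
    return types, classes, rules

def undeclared(text):
    """Names used by allow rules that the require block does not declare."""
    types, classes, rules = parse_te(text)
    missing = set()
    for src, tgt, cls, perms in rules:
        missing |= {"type " + t for t in (src, tgt) if t != "self" and t not in types}
        if cls not in classes:
            missing.add("class " + cls)
            continue
        missing |= {"class %s perm %s" % (cls, p) for p in perms - classes[cls]}
    return sorted(missing)

# myexim01 as posted in the thread
MYEXIM01 = """
module myexim01 1.0;
require {
    type system_crond_t; type system_mail_t; type system_crond_var_run_t;
    type audisp_t; type system_mail_tmp_t; type exim_t;
    class capability sys_nice; class fifo_file getattr;
    class file { read append };
}
allow audisp_t self:capability sys_nice;
allow exim_t system_crond_t:fifo_file getattr;
allow exim_t system_mail_tmp_t:file read;
allow system_mail_t system_crond_var_run_t:file append;
"""
# Constructed variant: a rule appended without extending the require block
BROKEN = MYEXIM01 + "allow exim_t exim_spool_t:file { read write };\n"
```

`undeclared(MYEXIM01)` returns an empty list, while the constructed `BROKEN` variant reports the missing type and the missing `write` permission.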
selinux@lists.fedoraproject.org