Perhaps your issue is subtly different, so lets try a different approach :)
Type this command:- Code:
grep postfix /var/log/audit.log | audit2allow -M mypostfix2 |
Sorry, that last command was wrong. Should be:-
Code:
audit2allow -M mypostfix2 < /var/log/audit.log |
Code:
grep postfix /var/log/audit.log | audit2allow -M mypostfix2 Code:
semodule -i mypostfix2.pp |
sorry i'm confused :S
could you run those commands back at me? |
Code:
audit2allow -M mypostfix2 < /var/log/audit.log The audit2allow program uses the audit file to identify the errors you want to allow, creating a policy to allow them rather than reject them. Then you can run the semodule -i command to implement this new policy:- Code:
semodule -i mypostfix2.pp |
;(
i don't have audit.log Code:
audit2allow -M mypostfix2 < /var/log/audit.log |
Bugger. My typing again. Try /var/log/audit/audit.log with the double audit.
|
looking via filezilla at the ftp, doesn't look like i have that folder either
|
It is only accessible by the root user. Are you logged in as root? If you can't find it, try this command to locate the location of your SELinux log files:-
Code:
find / -name audit.log -print |
I dont have an audit.log at all anywhere
Code:
[root@HOSTNAME ~]# find / -name audit.log -print |
is that not the "messages" file? where i found these
Code:
Mar 12 06:03:52 HOSTNAME kernel: type=1400 audit(1268373832.566:232533): avc: denied { connectto } for pid=7581 comm="cleanup" path="/var/run/nscd/socket" scontext=unconfined_u:system_r:postfix_cleanup_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket |
Those are errors reported by the kernel, but not the file SELinux error. Here's an example of an audit.log entry from my machine here:-
Code:
type=USER_END msg=audit(1268083802.216:51086): user pid=11884 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' Try scanning your /var/log directory for files that may contain similar errors:- Code:
grep -l avc /var/log/* |
nope, all the avc messages are in messages logfile;
Code:
grep -l avc /var/log/* |
Perhaps there is a subdirectory (other than audit) that is holding them?
Code:
ls -la /var/log | grep drw |
I take it selinux is disabling access to;
postfix/cleanup[7581]: fatal: open lock file pid/unix.cleanup: cannot open file: Permission denied and thats why i get these errors after it; Mar 12 06:03:53 HOSTNAME postfix/master[7523]: warning: process /usr/libexec/postfix/cleanup pid 7581 exit status 1 Mar 12 06:03:53 HOSTNAME postfix/master[7523]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling and that bugfix we tried was suppost to fix this? |
All times are GMT -5. The time now is 03:01 AM. |