selinux、鸽子和筛子

selinux、鸽子和筛子

我刚刚开始学习配置 SELINUX,今天早上在我的 CentOS 6.4 x64 系统上,安装了 postfix/dovecot/mysql,我醒来时遇到以下 selinux 问题

found 1 alerts in /var/log/audit/audit.log
----------------------------------------------------------------------------

SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.

*****  Plugin catchall (100. confidence) suggests    ***************************

If you believe that lmtp should be allowed write access on the sieve directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
# semodule -i mypol.pp

当我跑步时

grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp

我明白了

module dovecot 1.0;
require {
        type dovecot_etc_t;
        type dovecot_t;
        class dir write;
}
#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:dir write;

然后当我跑步时

semodule -i mypol.pp

我明白了

libsepol.print_missing_requirements: dovecot's global requirements were not
met: type/attribute dovecot_etc_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

这过去对我有用,但这次却难倒了我:s。有人能把我推向正确的方向吗?

答案1

看起来 dovecot 策略未加载,请加载它以获得所需的模块。如果这没有帮助,请确保您正在运行的内核与最新更新的内核相同(例如重新启动),并将 selinux-policy 更新到最新版本并确保它已成功加载。

相关内容