Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cat /var/log/audit/audit.log | audit2why
- audit2allow -M altermime < /var/log/audit/audit.log
- semodule -i altermime.pp
- type=AVC msg=audit(1409231063.712:263024): avc: denied { add_name } for pid=21280 comm="disclaimer" name="in.21279" scontext=unconfined_u:system_r:postfix_pipe_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=dir
- Was caused by:
- Missing type enforcement (TE) allow rule.
- You can use audit2allow to generate a loadable module to allow this access.
- type=AVC msg=audit(1409231065.905:263025): avc: denied { add_name } for pid=21285 comm="disclaimer" name="in.21284" scontext=unconfined_u:system_r:postfix_pipe_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=dir
- Was caused by:
- Missing type enforcement (TE) allow rule.
- You can use audit2allow to generate a loadable module to allow this access.
- type=AVC msg=audit(1409231067.380:263026): avc: denied { add_name } for pid=21289 comm="disclaimer" name="in.21288" scontext=unconfined_u:system_r:postfix_pipe_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=dir
- Was caused by:
- Missing type enforcement (TE) allow rule.
- You can use audit2allow to generate a loadable module to allow this access.
- semodule -l | grep mymodulename
- semodule -r names_of_modules_returned_from_prior_command
- setenforce 0
- echo "" >/var/log/audit.log
- cat /var/log/audit/audit.log | audit2allow -m yourname >yourname.te
- checkmodule -M -m -o yourname.mod yourname.te
- semodule_package -m yourname.mod -o yourname.pp
- semodule -i yourname.pp
- cat /var/log/audit/audit.log | audit2why
- setenforce 1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement