On 07/09/2009 03:51 PM, Daniel Fazekas wrote:
> On Jul 9, 2009, at 21:36, David Highley wrote:
> > For example, email seems to always need selinux policy changes so that
> > avc's are not blocking spamassassin and pyzor.
> SpamAssassin and Pyzor should be working fine without any further
> tweaking since some Fedora releases ago. Some time around Fedora 8 or 9.
> Are you using the spamassassin service (spamd)?
> Are the relevant spamassassin selinux bools enabled?
> # getsebool -a | grep spam
> spamassassin_can_network --> on
> spamd_enable_home_dirs --> on
> If they still don't work properly this way, you should check if the
> contexts went wrong with some files in the home directories.
> restorecon -Rv /root /home
> I think if you aren't doing anything unusual yet basic packages break,
> the recommended course of action is to file a Bugzilla report rather
> than try and patch it with your custom local policy.
> --
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Well, as we move forward we are putting more and more labels in the homedir. So just
maintaining the labels on the homedir, from previous to new, is not going to work.
If we ever want to get confined user applications to work in the homedir, we got to get a
mechanism to set these labels at creation time. In Rawhide right now, I have a
restorecond running in user space watching for creation of files in the homedir to make
sure they are labeled correctly. So if a user just executes mkdir .ssh or mkdir public_html
it gets labeled correctly without the user having to be an SELinux expert. Similarly
tools like firefox/nsplugin and other tools rely on the homedir being correctly labeled to
add confinement.
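
The home-directory label check discussed in this thread, as an added example that is not part of either message: a shell function that turns a restorecon dry run (`-n -v`, nothing is relabeled) into one line per mislabeled path with its current and expected SELinux type. The function names and the sample lines are constructed for illustration; the two output formats handled are the older "restorecon reset ... context OLD->NEW" and the newer "Would relabel ... from OLD to NEW".

```shell
#!/bin/sh
# Added example: summarize "restorecon -R -n -v" output as
#   path <TAB> current_type <TAB> expected_type
# Real use (needs SELinux tools):  restorecon -R -n -v /home | summarize_relabels
# Runs of spaces inside a path are collapsed to one space in the summary.

summarize_relabels() {
    awk '
    # The SELinux type is the third colon-separated field of a context.
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    # Rebuild a path that awk split on spaces (fields from..to).
    function join_path(from, to,   i, s) {
        s = $from
        for (i = from + 1; i <= to; i++) s = s " " $i
        return s
    }
    # Newer format: Would relabel PATH from OLD to NEW
    $1 == "Would" && $2 == "relabel" && NF >= 7 && $(NF-3) == "from" && $(NF-1) == "to" {
        printf "%s\t%s\t%s\n", join_path(3, NF-4), setype($(NF-2)), setype($NF)
        next
    }
    # Older format: restorecon reset PATH context OLD->NEW
    $1 == "restorecon" && $2 == "reset" && NF >= 5 && $(NF-1) == "context" {
        if (split($NF, c, "->") == 2)
            printf "%s\t%s\t%s\n", join_path(3, NF-2), setype(c[1]), setype(c[2])
    }'
}

# Constructed sample input (not captured from a real system).
sample_dry_run() {
cat <<'EOF'
restorecon reset /home/alice/.ssh context unconfined_u:object_r:user_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
Would relabel /home/bob/public_html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_user_content_t:s0
EOF
}

sample_dry_run | summarize_relabels
```

Any line in the summary is a file whose label no longer matches policy; an empty summary means the dry run found nothing to relabel.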