Linux System Administration and Security » SELinux http://www.jasonbrown.us Tue, 31 Jan 2012 02:58:29 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Editing SELinux Policies http://www.jasonbrown.us/2010/02/editing-selinux-policies/ http://www.jasonbrown.us/2010/02/editing-selinux-policies/#comments Mon, 15 Feb 2010 17:46:55 +0000 jason http://www.jasonbrown.us/?p=8 There are times where SELinux just does not want to play nice. For instance, after installing ClamAV I began running into problems where if I did not turn off SELinux while ClamAV was running, then SMTP traffic would fail. To fix this issue we must first look at the messages file under /var/log. Within this file we will see error messages like:
setroubleshoot: SELinux is preventing cleanup (postfix_cleanup_t) "search" to ./clamav (clamd_var_lib_t).

Which tells you to run the command:
sealert -l a1bc9b39-80a2-4f2e-963f-12daf766a8d4

Usually the report is very good and diagnosing and telling you which booleans to activate, however in this instance we have to create our own module.

First: Download and install selinux-policy-devel
Second: Parse through the raw audit messages. We are looking for two things; message type and comm name.
Third: Run the ausearch command and pipe it to audit2allow
For instance: ausearch -m AVC --comm cleanup | audit2allow -M ClamAV

Once the files have been generated then run: semodule -i ClamAV.pp and see if the problem has been resolved. If not, tail the messages log again to see if there is any additional SEAlerts that you should be aware of.

Post to Twitter

]]> http://www.jasonbrown.us/2010/02/editing-selinux-policies/feed/ 0