Paul Cocker wrote:
> Thanks for the pointer, but I think I'll try and solve the issue. Once
> the server goes live it will be next to impossible to ever switch
> SELinux back on, while it's undergoing build I can happily try and
> figure this stuff out and better understand it for next time.

A crash course in SElinux hacks :)

http://www.anchor.com.au/hosting/dedicated/SELinux_management

It's all well and good until you try and deviate from a vanilla config. I'd suspect that either the SElinux labels on the disclaimer file/s are wrong (use -Z on ls to check), or you'll need to add some allowances for those actions. Check out the "Changing the policies" section in particular.

When fixing things, get your SElinux error messages from /var/log/audit/audit.log instead of /var/log/messages, there's less crap to sift through.

Based on your AVC entries, audit2allow produces this:

#============= postfix_pipe_t ==============
allow postfix_pipe_t postfix_etc_t:file execute;
allow postfix_pipe_t postfix_public_t:sock_file write;

You can roll a module from that and try again. If it still doesn't work, keep making modules until it does. When you get thoroughly fed up, you can disable SElinux altogether!
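
Added example, not part of the original message and not audit2allow's own code: a simplified sketch of how AVC denial records in audit.log map to the allow rules quoted above, so each rule can be traced back to the denial behind it before it goes into a module. The log lines are constructed for illustration (pids, inode numbers, comm and name values are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1200000000.101:41): avc:  denied  { execute } for  pid=2101 comm="pipe" name="disclaimer" dev=sda1 ino=1001 scontext=system_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1200000000.101:41): arch=40000003 syscall=11 success=no exit=-13 comm="pipe"
type=AVC msg=audit(1200000000.202:42): avc:  denied  { write } for  pid=2102 comm="sendmail" name="pickup" dev=sda1 ino=1002 scontext=system_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1200000000.303:43): avc:  denied  { execute } for  pid=2103 comm="pipe" name="disclaimer" dev=sda1 ino=1001 scontext=system_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
"""

# Permissions inside { }, then the source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Group AVC denials by (source, target, class) and merge permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m:
            continue  # not a denial (or not in the expected layout)
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        plist = sorted(perms)
        perm_s = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_s};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Repeated denials collapse into a single rule, which makes it easier to see exactly which accesses a module built from them would permit.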