Hi Dulux-Oz,

On 4 Dec 2023, at 9:52, duluxoz via Postfix-users wrote:

> It's Rocky v9.1
>

thanks, this helps as a reference.

> That's the funny thing: I've done an `audit2allow -a` and all of the 'errors' 
> are accounted for by update policies, and the suggested `ausearch` produces 
> nothing - zip, narda, nil :-(

There might be SELinux policy rules with a "donotaudit" flag that cause this 
issue.

Try to disable the "donotaudit" feature with

sudo semodule -DB

and wait for the error to occur again, then check the audit logs.

Creating new policy rules with "audit2allow" should only be used in rare 
conditions; most of the time the policy can be configured using additional 
file-context, ports or booleans.

Reading and understanding the audit log entries does help getting a good and 
secure SELinux deployment.

You can enable the "donotaudit" rule flags once the issue is resolved with

sudo semodule -B

Greetings

Carsten Strotmann
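
Added example, not part of Carsten's message: a small triage script for the audit-log step above, which groups AVC denials and maps each to the kind of fix the message lists (file-context, ports or booleans). The log lines are constructed samples and the mapping in `suggest` is an assumed heuristic, not SELinux tooling.

```python
import re
from collections import Counter

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1701680000.101:901): avc:  denied  { read open } for  pid=2101 comm="smtpd" path="/srv/certs/mail.pem" dev="dm-0" ino=7711 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1701680005.220:907): avc:  denied  { name_bind } for  pid=2050 comm="master" src=2525 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1701680005.220:907): arch=c000003e syscall=49 success=no exit=-13
type=AVC msg=audit(1701680060.330:915): avc:  denied  { read open } for  pid=2140 comm="smtpd" path="/srv/certs/mail.pem" dev="dm-0" ino=7711 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

FILE_CLASSES = {"file", "dir", "lnk_file", "sock_file", "fifo_file"}
PORT_PERMS = {"name_bind", "name_connect"}

def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def parse_denials(log_text):
    """Return (comm, source type, target type, class, perms) per AVC denial."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m:
            denials.append((m["comm"], se_type(m["scon"]), se_type(m["tcon"]),
                            m["tclass"], tuple(m["perms"].split())))
    return denials

def suggest(denial):
    """Assumed heuristic: which non-audit2allow fix to look at first."""
    _, _, _, tclass, perms = denial
    if tclass in FILE_CLASSES:
        return "file-context"        # semanage fcontext, then restorecon
    if tclass in {"tcp_socket", "udp_socket"} and PORT_PERMS & set(perms):
        return "port"                # semanage port
    return "boolean-or-review"       # getsebool -a, audit2why

def summarize(log_text):
    """Count repeated denials so each distinct one is reviewed once."""
    return Counter(parse_denials(log_text))

if __name__ == "__main__":
    for denial, count in summarize(SAMPLE_LOG).items():
        print(count, denial, "->", suggest(denial))
```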