Specifications
64
EMC Secure Remote Support Gateway for Linux Release 2.24 Operations Guide
Gateway Client Server Preparation
4. To stage the change to Postfix, run:
[root@localhost audit]# cd /opt/emc/esrs2
[root@localhost esrs2]# grep local_t
/var/log/audit/audit.log | audit2allow -m postfixlocal
> postfixlocal.te
Figure 35 Staging the change to Postfix
5. To create the selinux module, run:
[root@localhost esrs2]# cat postfixlocal.te
module postfixlocal 1.0;
require {
type postfix_local_t;
type usr_t;
class capability chown;
class dir { write remove_name add_name };
class file { write create unlink setattr append
};
}
#============= postfix_local_t ==============
allow postfix_local_t self:capability chown;
#!!!! The source type 'postfix_local_t' can write to a
'dir' of the following types:
# var_run_t, user_home_t, dovecot_spool_t,
mailman_data_t, tmp_t, user_home_dir_t,
postfix_local_tmp_t, nfs_t, mail_spool_t
allow postfix_local_t usr_t:dir { write remove_name
add_name };
allow postfix_local_t usr_t:file { write create unlink
append setattr };
Figure 36 Creating the selinux module
6. Run:
[root@localhost esrs2]# grep local_t
/var/log/audit/audit.log | audit2allow -M postfixlocal
******************** IMPORTANT ***********************
To make this policy package active, run:
semodule -i postfixlocal.pp
Figure 37 Making policy package active