[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: spamd Will Not Create unix:socket
From:       "Bill Cole" <sausers-20150205 () billmail ! scconsult ! com>
Date:       2017-11-28 20:16:31
Message-ID: 37009DA4-B42A-4FC1-9778-30D6AE6F070E () billmail ! scconsult ! com
[Download RAW message or body]

On 28 Nov 2017, at 12:15, Colony.three wrote:
[...]
>
> My God.  It's full of stars!
>
> This fixed the spamass-milter problem.  And it seems to be the correct =

> way to fix the hundreds of other SELinux errors I have.
>
> You take this box, and put it through a magic tunnel and see if it =

> looks right.  If it does you put the box through another magic tunnel =

> where it becomes a robot.  Then turn on the robot.
>
> You don't need to know what the box really means nor what the magic =

> tunnel does.  Even though it's retail (one-by-one), it does fix it =

> permanently.

You can find slightly more detailed (but still generic) explanations of =

how to use audit2allow:

http://danwalsh.livejournal.com/24750.html
https://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e5=
6191c257c01
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/=
html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-=
troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Probl=
ems-Allowing_Access_audit2allow

The first is by the pre-eminent expert on SELinux. It also provides a =

strong clue as to where to look for human help with SELinux for people =

who are not paying RedHat. The surrounding documents for both the CentOS =

link and the RedHat link explain more of the details of what's inside =

the box and what the magic tunnels do.

But yes, mandatory access control systems are inherently extremely =

complex and so you have a choice between mystified surrender, heavy =

education, or opaque boxes and magic tunnels.
[prev in list] [next in list] [prev in thread] [next in thread]