Red Hat DIRECTORY SERVER 2.0 - GATEWAY Spécifications télécharger pdf (Page 64)

EMC Secure Remote Support Gateway for Linux Release 2.24 Operations Guide

Gateway Client Server Preparation

4. To stage the change to Postfix, run:

[root@localhost audit]# cd /opt/emc/esrs2

[root@localhost esrs2]# grep local_t

/var/log/audit/audit.log | audit2allow -m postfixlocal

> postfixlocal.te

Figure 35 Staging the change to Postfix

5. To create the selinux module, run:

[root@localhost esrs2]# cat postfixlocal.te

module postfixlocal 1.0;

require {

type postfix_local_t;

type usr_t;

class capability chown;

class dir { write remove_name add_name };

class file { write create unlink setattr append

};

}

#============= postfix_local_t ==============

allow postfix_local_t self:capability chown;

#!!!! The source type 'postfix_local_t' can write to a

'dir' of the following types:

# var_run_t, user_home_t, dovecot_spool_t,

mailman_data_t, tmp_t, user_home_dir_t,

postfix_local_tmp_t, nfs_t, mail_spool_t

allow postfix_local_t usr_t:dir { write remove_name

add_name };

allow postfix_local_t usr_t:file { write create unlink

append setattr };

Figure 36 Creating the selinux module

6. Run:

[root@localhost esrs2]# grep local_t

/var/log/audit/audit.log | audit2allow -M postfixlocal

******************** IMPORTANT ***********************

To make this policy package active, run:

semodule -i postfixlocal.pp

Figure 37 Making policy package active

1 2 ... 59 60 61 62 63 64 65 66 67 68 69 ... 111 112

Pas de commentaire

Red Hat DIRECTORY SERVER 2.0 - GATEWAY Spécifications Page 64