February 2020
Intermediate to advanced
666 pages
15h 45m
English
Content preview from Mastering Linux Security and Hardening - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Creating custom policy modules
Sometimes, you'll run into a problem that you can't fix either by changing the type or by setting a Boolean. In times like these, you'll need to create a custom policy module, and you'll use the audit2allow utility to do that.
The following is a screenshot of a problem I had several years ago, when I was helping a client set up a Postfix mail server on CentOS 7:
So, for some strange reason that I never understood, SELinux wouldn't allow Dovecot, the Mail Delivery Agent (MDA) component of the mail server, to read its own dict file. There's no Boolean to change and there wasn't a type problem, so setroubleshoot ...