System I/O error (in reply to end of DATA command) for LMTP delivery
Jason L Tibbitts III
tibbs at math.uh.edu
Fri Jun 1 20:21:08 EDT 2018
>>>>> "SI" == Stephen Ingram <sbingram at gmail.com> writes:
SI> I did turn it off just to see what happened, but it was not
SI> the problem. Nice though, because I learned how to relabel a volume
SI> to get back in the good graces of SELinux.
Well, just using setenforce doesn't disable selinux; it just disables
enforcement. You would still get denials in the audit logs and such.
So it's a nice way to do a quick test that selinux isn't the problem.
Just setenforce 0, test, and setenforce 1. If the behavior changed then
yeah, it's probably selinux.
If you actually really disabled selinux via the kernel command or by
setting SELINUX=disabled in /etc/selinux/config then, indeed any files
you created while it was in the disabled state would not be labeled and
the easiest way out of that is probably 'touch /.autorelabel; reboot'.
Which is why it's generally best to not disable it if you intend for
that system to normally use selinux.
Once you get used to ausearch -m AVC -ts recent (or today, or whatever)
then it's a pretty small leap to using audit2why and audit2allow to make
small modifications to the policy, or using semanage fcontext -a to make
sure the proper labels are applied.
- J<
More information about the Info-cyrus
mailing list