Find the answer to your Linux question:
Results 1 to 4 of 4
Hi, This seems like it must be a FAQ, but I've looked at a lot of documents and not found a straightforward answer, so I hope it's OK to post ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2008
    Posts
    7

    Using chcon


    Hi,

    This seems like it must be a FAQ, but I've looked at a lot of documents and not found a straightforward answer, so I hope it's OK to post it here.

    When I was configuring postfix with SASL and TLS, it kept failing. Specifically, one of the daemons couldn't do a write it had to do, even though I had the directory at 777. Here is the error message from maillog:

    postfix/tlsmgr[19524]: fatal: tls_prng_exch_open: cannot open PRNG exchange file /var/lib/postfix/prng_exch: Permission denied

    OK, so SELinux was preventing the write. All I had to do was issue the right chcon command to open up the directory, like issuing a chmod command.

    But I could not figure out what to do. Of course, there are other things I could do: turn off SElinux completely, disable it for the postfix daemon, etc., but it seemed to me that the least invasive way of dealing with it was to just change that one directory, but I couldn't figure out how to do it.

    So the first question is, how do I fix that one directory? Here is the output from ls -Z for the directory and the file that gets written to it:

    drwxrwxrwx postfix root system_u:object_r:var_lib_t:s0 /var/lib/postfix/
    -rw------- postfix postfix unconfined_u:object_r:var_lib_t:s0 prng_exch

    And the second question is, how do I sort this stuff out generally? I'll happily read another FAQ or tutorial, but so far every time they get me near this question, the answer is to "change the context to permit the action" which is far too vague, or to use restorecon, which doesn't work in this case.

    Thanks.

  2. #2
    Just Joined!
    Join Date
    May 2008
    Posts
    7
    Yes, I'm using iptables.

  3. #3
    Just Joined!
    Join Date
    May 2008
    Posts
    7
    Hi,

    I should have mentioned that I'm using Feodra 9 - both those commands just object, they want an argument, or two.

    I'm confused about your interest in iptables. I did try turning it off while I was doing this, and not surprising ly it made no difference, since I was on my own machine, trying to send mail out when I got the failure to write to that directory.

    I tried entering those commands you gave me with the device that df shows for /, but same response - the brief help message.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    May 2008
    Posts
    7
    Apparently I offended you - I'm sorry, I certainly didn't mean to do that. If there is something else I should look at, or information I should try to get, I'd appreciate hearing about it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •