
Re: Generating policies for Nagios on Fedora9 - difficulties



Paul,

--On 6. November 2008 12:09:45 +0000 Paul Howarth <paul city-fan org> wrote:

- snip -


The SELinux denials that you're hitting now are probably dontaudit-ed in
policy. You can turn off the dontaudit rules using:

# semodule -BD

and turn them back on using:

# semodule -B

Thanks for helping, that was my problem.


Be careful with policy generated from audit logs with dontaudit rules
turned off to ensure that what you're allowing is actually necessary and
not just unrelated noise.

I have tried to use only those denials that seemed related to my problem (that means they contained "mailq" and "postqueue"). Now I have got this working.

There are another two newbie questions, if you allow:
- loading a module with semodule -i - is this permanent or temporary regarding reboots? I did not find any hint in web docs and man pages on that.
- since I have done this very carefully step by step I now have lots of .te and .pp files. Can I simply do a "cat *.te > all.te" and recompile it or is there a tool that generates a syntactically more compact .te file?

Dirk
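
As an added example (not part of the original message): a shell filter that keeps only AVC denials whose comm field is exactly one of the commands under investigation, in line with the advice above about policy generated while dontaudit rules are turned off. The function names and the sample log lines are constructed for illustration, and the module name in the closing comment is a placeholder.

```shell
#!/bin/sh
# Added example: with dontaudit rules disabled (semodule -DB) the audit log
# fills with denials unrelated to the problem. Select by exact comm= value
# before generating policy, instead of feeding the whole log to audit2allow.

# filter_avc NAME... : read audit records on stdin and print only AVC denials
# whose comm="..." field equals one of the given command names.
# Assumes command names contain no spaces.
filter_avc() {
    awk -v names="$*" '
        BEGIN { n = split(names, want, " ") }
        /type=AVC/ && /denied/ {
            if (match($0, /comm="[^"]*"/)) {
                # strip the leading comm=" and the trailing quote
                comm = substr($0, RSTART + 6, RLENGTH - 7)
                for (i = 1; i <= n; i++)
                    if (comm == want[i]) { print; next }
            }
        }'
}

# Constructed sample records (not taken from a real system).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1225973385.101:41): avc:  denied  { search } for  pid=2101 comm="mailq" name="spool" dev=dm-0 ino=1001 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:example_spool_t:s0 tclass=dir
type=AVC msg=audit(1225973385.102:42): avc:  denied  { read } for  pid=2102 comm="postqueue" name="maildrop" dev=dm-0 ino=1002 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:example_spool_t:s0 tclass=dir
type=AVC msg=audit(1225973386.200:43): avc:  denied  { getattr } for  pid=2103 comm="ping" path="/etc/example.conf" dev=dm-0 ino=1003 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:example_conf_t:s0 tclass=file
type=AVC msg=audit(1225973387.300:44): avc:  denied  { read } for  pid=2104 comm="mailqueue_check" name="tmp" dev=dm-0 ino=1004 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:example_tmp_t:s0 tclass=dir
EOF
}

# Prints the two mailq/postqueue records; the ping record and the
# near-miss "mailqueue_check" record are dropped.
sample_log | filter_avc mailq postqueue

# On a real system the filtered records would be reviewed and then piped on:
#   filter_avc mailq postqueue < /var/log/audit/audit.log | audit2allow -M MODULE_NAME
```

Matching on the exact comm value avoids the substring hits a plain grep for "mailq" would pull in.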


