failed to customize policy, SELinux won't let me

Fresh FC5 install (not an update) on an Intel 32-bit CPU.
Applied all updates, reboot, let anacron do its job, reboot.

Installed Postfix and Cyrus-IMAPd.
While testing Postfix with Cyrus I got this:

May  3 09:38:25 stantz kernel: audit(1146674305.211:305): avc:  denied
{ search } for  pid=3441 comm="lmtp" name="lib" dev=hda2 ino=2293761
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir

OK, fine, I go here and follow the steps (all the time working in
the /root/selinux directory):


However, I can't seem to load the local module:

# /usr/sbin/semodule -i local.pp
/usr/sbin/semodule:  Could not read file 'local.pp':
# ls
local.fc  local.if  local.pp  local.te  tmp
# cat local.te
policy_module(local, 1.0)

require {
        type postfix_master_t;
        type var_lib_t;
}

allow postfix_master_t var_lib_t:dir search;

In the logs I get this:

audit(1146674668.001:307): avc:  denied  { search } for  pid=3569
comm="semodule" name="selinux" dev=hda4 ino=6501763
tcontext=user_u:object_r:user_home_t:s0 tclass=dir

What is going on?

Florin Andrei
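
Added example (not part of the original post): a small Python parser for the two AVC records quoted above, which rejoins the wrapped lines and tolerates the absent scontext field. It shows that the second denial was logged against semodule itself, searching a directory named "selinux" labelled user_home_t, and not against the lmtp process from the first denial. The function names and the SAMPLE string are constructed for illustration.

```python
import re

# Constructed from the two denials quoted in the post, mail-client line
# wrapping preserved. The quoted records carry no scontext field.
SAMPLE = """\
May  3 09:38:25 stantz kernel: audit(1146674305.211:305): avc:  denied
{ search } for  pid=3441 comm="lmtp" name="lib" dev=hda2 ino=2293761
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
audit(1146674668.001:307): avc:  denied  { search } for  pid=3569
comm="semodule" name="selinux" dev=hda4 ino=6501763
tcontext=user_u:object_r:user_home_t:s0 tclass=dir
"""

HEADER = re.compile(r"audit\((\d+\.\d+):(\d+)\): avc:\s+(denied|granted)")
PERMS = re.compile(r"\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Type is the third field of user:role:type[:level]; None if absent."""
    parts = ctx.split(":") if ctx else []
    return parts[2] if len(parts) >= 3 else None

def parse_avc(text):
    """Return one dict per AVC record, rejoining records wrapped over lines."""
    records = []
    starts = [m.start() for m in HEADER.finditer(text)]
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        chunk = " ".join(text[begin:end].split())  # undo the line wrapping
        head = HEADER.match(chunk)
        perms = PERMS.search(chunk)
        fields = {k: v.strip('"') for k, v in FIELD.findall(chunk[head.end():])}
        records.append({
            "serial": int(head.group(2)),
            "result": head.group(3),
            "perms": perms.group(1).split() if perms else [],
            "comm": fields.get("comm"),
            "name": fields.get("name"),
            "tclass": fields.get("tclass"),
            "source_type": context_type(fields.get("scontext")),
            "target_type": context_type(fields.get("tcontext")),
        })
    return records

def summarize(rec):
    # One line per record: who was refused what, on which labelled object.
    src = rec["source_type"] or "unknown domain"
    return (f'{rec["comm"]} ({src}) {rec["result"]} {",".join(rec["perms"])} '
            f'on {rec["tclass"]} "{rec["name"]}" labelled {rec["target_type"]}')

if __name__ == "__main__":
    print(*map(summarize, parse_avc(SAMPLE)), sep="\n")
```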


