SELinux/LoadableModules/Audit2allow

= audit2allow creating loadable modules =

 * Problem: User reports seeing the following AVC message:

    type=AVC msg=audit(1138596151.681:104174): avc: denied  { name_connect } for  pid=23796 comm="spamd" dest=389 scontext=root:system_r:spamd_t tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket

 * Solution: Use audit2allow to build a loadable module to fix the problem:

    Generating type enforcment file: spamd.te
    Compiling policy: checkmodule -M -m -o spamd.mod spamd.te
    semodule_package -o spamd.pp -m spamd.mod
    Building package: semodule_package -o spamd.pp -m spamd.mod

    ******************** IMPORTANT ***********************

    In order to load this newly created policy package into the kernel, you are required to execute

    semodule -i spamd.pp

 * audit2allow creates a loadable module that looks like:

    module spamd 1.0;

    require {
            role object_r;
            role system_r;

            class tcp_socket name_connect;

            type ldap_port_t;
            type spamd_t;
    };

    allow spamd_t ldap_port_t:tcp_socket name_connect;

 * semodule -i spamd.pp # Load the module
 * semodule -r spamd    # Remove the module
 * semodule -l          # List all loadable modules