Bug 1381234

Summary: SELinux is preventing /usr/bin/perl from 'create' accesses on the directory .spamassassin.
Product: Red Hat Enterprise Linux 7
Reporter: Brian J. Murrell <brian>
Component: selinux-policy
Assignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA
QA Contact: Milos Malik <mmalik>
Severity: low
Priority: low
Version: 7.3
CC: herrold, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde
Target Milestone: rc
Keywords: Reopened
Hardware: All
OS: Linux
Last Closed: 2018-10-30 09:59:46 UTC
Type: Bug
Bug Blocks: 1393066
Attachments: spamassassin avcs (flags: none)

Description Brian J. Murrell 2016-10-03 13:27:39 UTC
SELinux is preventing /usr/bin/perl from create access on the directory .spamassassin.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that perl should be allowed create access on the .spamassassin directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep 7370616D64206368696C64 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:spamd_t:s0
Target Context                system_u:object_r:logwatch_cache_t:s0
Target Objects                .spamassassin [ dir ]
Source                        7370616D64206368696C64
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          server.interlinx.bc.ca
Source RPM Packages           perl-5.16.3-286.el7.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     server.interlinx.bc.ca
Platform                      Linux server.interlinx.bc.ca
                              3.10.0-327.28.3.el7.x86_64 #1 SMP Thu Aug 18
                              19:05:49 UTC 2016 x86_64 x86_64
Alert Count                   91
First Seen                    2016-09-30 08:07:32 EDT
Last Seen                     2016-10-03 08:10:56 EDT
Local ID                      39e42b02-4356-4490-bc94-36239b008265

Raw Audit Messages
type=AVC msg=audit(1475496656.838:29927): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name=".spamassassin" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir


type=SYSCALL msg=audit(1475496656.838:29927): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=69571c0 a1=1c0 a2=7ff89b592edc a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null)

Hash: 7370616D64206368696C64,spamd_t,logwatch_cache_t,dir,create

This looks like the EL7 version of bug #951570.

In addition to the above, this is probably related:

SELinux is preventing /usr/bin/perl from create access on the directory .spamassassin.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that perl should be allowed create access on the .spamassassin directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep 7370616D64206368696C64 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:spamd_t:s0
Target Context                system_u:object_r:logwatch_cache_t:s0
Target Objects                .spamassassin [ dir ]
Source                        7370616D64206368696C64
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          server.interlinx.bc.ca
Source RPM Packages           perl-5.16.3-286.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.9.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     server.interlinx.bc.ca
Platform                      Linux server.interlinx.bc.ca
                              3.10.0-327.28.3.el7.x86_64 #1 SMP Thu Aug 18
                              19:05:49 UTC 2016 x86_64 x86_64
Alert Count                   91
First Seen                    2016-09-30 08:07:32 EDT
Last Seen                     2016-10-03 08:10:56 EDT
Local ID                      39e42b02-4356-4490-bc94-36239b008265

Raw Audit Messages
type=AVC msg=audit(1475496656.838:29927): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name=".spamassassin" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir


type=SYSCALL msg=audit(1475496656.838:29927): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=69571c0 a1=1c0 a2=7ff89b592edc a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe=/usr/bin/perl subj=system_u:system_r:spamd_t:s0 key=(null)

Hash: 7370616D64206368696C64,spamd_t,logwatch_cache_t,dir,create

Comment 1 Brian J. Murrell 2016-10-03 13:30:05 UTC
Could be a duplicate of bug #1379998?

Comment 3 Brian J. Murrell 2016-10-04 15:43:26 UTC
A few more once the above ones have been permitted:

type=AVC msg=audit(1475511320.863:30671): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511320.863:30671): arch=c000003e syscall=2 success=no exit=-13 a0=8761c50 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511331.799:30672): avc:  denied  { read } for  pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475511331.799:30672): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=8d1ce80 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511331.909:30673): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511331.909:30673): arch=c000003e syscall=2 success=no exit=-13 a0=7074e80 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511331.909:30674): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511331.909:30674): arch=c000003e syscall=2 success=no exit=-13 a0=8d5bd20 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511331.909:30675): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511331.909:30675): arch=c000003e syscall=2 success=no exit=-13 a0=7074e80 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511332.027:30676): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="server.c302.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511332.027:30676): arch=c000003e syscall=2 success=no exit=-13 a0=5370020 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511332.196:30677): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511332.196:30677): arch=c000003e syscall=2 success=no exit=-13 a0=85d87e0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511332.196:30678): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511332.196:30678): arch=c000003e syscall=2 success=no exit=-13 a0=8f05600 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475511332.585:30679): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475511332.585:30679): arch=c000003e syscall=2 success=no exit=-13 a0=8c952d0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525406.178:31411): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525406.178:31411): arch=c000003e syscall=2 success=no exit=-13 a0=94c52b0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.363:31412): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525420.363:31412): arch=c000003e syscall=2 success=no exit=-13 a0=a046cb0 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.369:31413): avc:  denied  { read } for  pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475525420.369:31413): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5353580 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.535:31414): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525420.535:31414): arch=c000003e syscall=2 success=no exit=-13 a0=9f8bf30 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.536:31415): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525420.536:31415): arch=c000003e syscall=2 success=no exit=-13 a0=8b08de0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.536:31416): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525420.536:31416): arch=c000003e syscall=2 success=no exit=-13 a0=9f8bf30 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.684:31417): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="server.c302.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525420.684:31417): arch=c000003e syscall=2 success=no exit=-13 a0=a046680 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.835:31418): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525420.835:31418): arch=c000003e syscall=2 success=no exit=-13 a0=9719140 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525420.837:31419): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525420.837:31419): arch=c000003e syscall=2 success=no exit=-13 a0=98d66c0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525421.181:31420): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525421.181:31420): arch=c000003e syscall=2 success=no exit=-13 a0=99c3330 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475525421.439:31421): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475525421.439:31421): arch=c000003e syscall=2 success=no exit=-13 a0=a1e8f60 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539833.371:32073): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539833.371:32073): arch=c000003e syscall=2 success=no exit=-13 a0=3d577a0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.333:32074): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.333:32074): arch=c000003e syscall=2 success=no exit=-13 a0=ba85060 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.335:32075): avc:  denied  { read } for  pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475539844.335:32075): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=b946a60 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.448:32076): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.448:32076): arch=c000003e syscall=2 success=no exit=-13 a0=b81c7d0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.448:32077): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.448:32077): arch=c000003e syscall=2 success=no exit=-13 a0=b1edb00 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.449:32078): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.449:32078): arch=c000003e syscall=2 success=no exit=-13 a0=b81c7d0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.601:32079): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="server.c301.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.601:32079): arch=c000003e syscall=2 success=no exit=-13 a0=bafe940 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.738:32080): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.738:32080): arch=c000003e syscall=2 success=no exit=-13 a0=b8f5320 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.738:32081): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.738:32081): arch=c000003e syscall=2 success=no exit=-13 a0=bbf7090 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475539844.930:32082): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475539844.930:32082): arch=c000003e syscall=2 success=no exit=-13 a0=b825fe0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555307.969:32917): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555307.969:32917): arch=c000003e syscall=2 success=no exit=-13 a0=c51b150 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555321.988:32918): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555321.988:32918): arch=c000003e syscall=2 success=no exit=-13 a0=e23b830 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555321.998:32919): avc:  denied  { read } for  pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475555321.998:32919): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=e574cd0 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555322.169:32920): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555322.169:32920): arch=c000003e syscall=2 success=no exit=-13 a0=d2d4490 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555322.170:32921): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555322.170:32921): arch=c000003e syscall=2 success=no exit=-13 a0=b97fab0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555322.171:32922): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555322.171:32922): arch=c000003e syscall=2 success=no exit=-13 a0=d2d4490 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555322.321:32923): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="server.c301.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555322.321:32923): arch=c000003e syscall=2 success=no exit=-13 a0=decb080 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555322.444:32924): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555322.444:32924): arch=c000003e syscall=2 success=no exit=-13 a0=e08b8a0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555322.444:32925): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555322.444:32925): arch=c000003e syscall=2 success=no exit=-13 a0=c2e8b00 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555323.031:32926): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555323.031:32926): arch=c000003e syscall=2 success=no exit=-13 a0=e48eef0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475555323.352:32927): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475555323.352:32927): arch=c000003e syscall=2 success=no exit=-13 a0=d3eb440 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475568433.669:33573): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475568433.669:33573): arch=c000003e syscall=2 success=no exit=-13 a0=9cf7490 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475568443.925:33574): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475568443.925:33574): arch=c000003e syscall=2 success=no exit=-13 a0=784fdf0 a1=441 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475568443.928:33575): avc:  denied  { read } for  pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475568443.928:33575): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=c5867f0 a2=90800 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475568444.172:33576): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475568444.172:33576): arch=c000003e syscall=2 success=no exit=-13 a0=d836940 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475568444.379:33577): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1140" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475568444.379:33577): arch=c000003e syscall=2 success=no exit=-13 a0=d8a1de0 a1=241 a2=1b6 a3=0 items=0 ppid=1135 pid=1140 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582967.056:34258): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582967.056:34258): arch=c000003e syscall=2 success=no exit=-13 a0=3129000 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.526:34259): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="razor-agent.log" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582978.526:34259): arch=c000003e syscall=2 success=no exit=-13 a0=6c64f50 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.529:34260): avc:  denied  { read } for  pid=28374 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475582978.529:34260): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=49fa570 a2=90800 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.630:34261): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582978.630:34261): arch=c000003e syscall=2 success=no exit=-13 a0=6be1910 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.630:34262): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582978.630:34262): arch=c000003e syscall=2 success=no exit=-13 a0=6be1ff0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.630:34263): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582978.630:34263): arch=c000003e syscall=2 success=no exit=-13 a0=6be1910 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.755:34264): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="server.c301.cloudmark.com.conf" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582978.755:34264): arch=c000003e syscall=2 success=no exit=-13 a0=4a14e20 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.867:34265): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582978.867:34265): arch=c000003e syscall=2 success=no exit=-13 a0=65a6fa0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582978.868:34266): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582978.868:34266): arch=c000003e syscall=2 success=no exit=-13 a0=6f2d8a0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582979.165:34267): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.28374" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582979.165:34267): arch=c000003e syscall=2 success=no exit=-13 a0=6e2d3f0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475582979.380:34268): avc:  denied  { create } for  pid=28374 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.28374" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475582979.380:34268): arch=c000003e syscall=2 success=no exit=-13 a0=6bcb550 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=28374 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)

Comment 4 Brian J. Murrell 2016-10-04 19:04:18 UTC
This is happening on a 7.2 system, not 7.3.

Comment 5 Brian J. Murrell 2016-10-05 18:00:11 UTC
The latest AVCs since allowing the previous ones above:

type=AVC msg=audit(1475669761.284:38755): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669761.284:38755): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=708 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669761.309:38756): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669761.309:38756): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669761.311:38757): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669761.311:38757): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=720 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669761.312:38758): avc:  denied  { read } for  pid=1225 comm=7370616D64206368696C64 name="user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669761.312:38758): arch=c000003e syscall=2 success=no exit=-13 a0=d7d33b0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.559:38759): avc:  denied  { append } for  pid=1225 comm=7370616D64206368696C64 name="razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.559:38759): arch=c000003e syscall=2 success=no exit=-13 a0=e62cef0 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.567:38760): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475669808.567:38760): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=e4cade0 a2=90800 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.694:38761): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.694:38761): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.694:38762): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.694:38762): arch=c000003e syscall=2 success=no exit=-13 a0=e4ba8d0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.695:38763): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.695:38763): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.695:38764): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.695:38764): arch=c000003e syscall=2 success=no exit=-13 a0=dd61040 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.695:38765): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.695:38765): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.695:38766): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.695:38766): arch=c000003e syscall=2 success=no exit=-13 a0=e4ba8d0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.819:38767): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.819:38767): arch=c000003e syscall=2 success=no exit=-13 a0=dd0e2a0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.999:38768): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.999:38768): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.999:38769): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.999:38769): arch=c000003e syscall=2 success=no exit=-13 a0=dd6dc90 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.999:38770): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.999:38770): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669808.999:38771): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669808.999:38771): arch=c000003e syscall=2 success=no exit=-13 a0=b2c9c00 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669809.670:38772): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669809.670:38772): arch=c000003e syscall=2 success=no exit=-13 a0=e43c1a0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475669810.647:38773): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15548 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475669810.647:38773): arch=c000003e syscall=2 success=no exit=-13 a0=dd82410 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475683990.276:39548): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475683990.276:39548): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=708 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475683990.282:39549): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475683990.282:39549): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475683990.284:39550): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475683990.284:39550): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=720 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475683990.286:39551): avc:  denied  { read } for  pid=1225 comm=7370616D64206368696C64 name="user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475683990.286:39551): arch=c000003e syscall=2 success=no exit=-13 a0=d571520 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.370:39552): avc:  denied  { append } for  pid=1225 comm=7370616D64206368696C64 name="razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.370:39552): arch=c000003e syscall=2 success=no exit=-13 a0=ef89220 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.380:39553): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1475684044.380:39553): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=f51afc0 a2=90800 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.540:39554): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.540:39554): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.540:39555): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.540:39555): arch=c000003e syscall=2 success=no exit=-13 a0=f551fd0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.540:39556): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.540:39556): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.540:39557): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.540:39557): arch=c000003e syscall=2 success=no exit=-13 a0=ef1db40 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.541:39558): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.541:39558): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1018 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.541:39559): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.541:39559): arch=c000003e syscall=2 success=no exit=-13 a0=f551fd0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.715:39560): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.715:39560): arch=c000003e syscall=2 success=no exit=-13 a0=efa7d60 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.823:39561): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.823:39561): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.823:39562): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.catalogue.lst.lock" dev="dm-7" ino=15527 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.823:39562): arch=c000003e syscall=2 success=no exit=-13 a0=f22dc20 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.823:39563): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.823:39563): arch=c000003e syscall=4 success=no exit=-13 a0=2e691a0 a1=f32138 a2=f32138 a3=1130 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684044.823:39564): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.nomination.lst.lock" dev="dm-7" ino=15528 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684044.823:39564): arch=c000003e syscall=2 success=no exit=-13 a0=f56f710 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684045.668:39565): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684045.668:39565): arch=c000003e syscall=2 success=no exit=-13 a0=f603110 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475684046.775:39566): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="bayes.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15548 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684046.775:39566): arch=c000003e syscall=2 success=no exit=-13 a0=dae15e0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
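
An added example, not part of the original report or of selinux-policy: a small parser that decodes the hex-encoded comm field seen in these records and merges the denials from successive rounds into one access set per (source type, target type, class). The function names are the example's own; the sample records are AVC lines copied from the comments on this page, with the SYSCALL lines omitted.

```python
import re
from collections import defaultdict

# AVC records copied from the comments in this report (SYSCALL lines omitted).
SAMPLE_LOG = '''\
type=AVC msg=audit(1475568433.669:33573): avc:  denied  { create } for  pid=1140 comm=7370616D64206368696C64 name="user_prefs" scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=AVC msg=audit(1475568443.928:33575): avc:  denied  { read } for  pid=1140 comm=7370616D64206368696C64 name=".razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=AVC msg=audit(1475669761.284:38755): avc:  denied  { getattr } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=AVC msg=audit(1475669761.312:38758): avc:  denied  { read } for  pid=1225 comm=7370616D64206368696C64 name="user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=AVC msg=audit(1475669808.559:38759): avc:  denied  { append } for  pid=1225 comm=7370616D64206368696C64 name="razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=AVC msg=audit(1475669808.567:38760): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor" dev="dm-7" ino=24958 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
type=AVC msg=audit(1475669808.694:38762): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="servers.discovery.lst.lock" dev="dm-7" ino=15526 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=AVC msg=audit(1475712423.521:40956): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')


def decode_untrusted(value):
    """auditd quotes safe strings and hex-encodes ones containing spaces or control bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    except ValueError:
        return value  # bare token that is not hex, e.g. (none)


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record type."""
    match = PERMS_RE.search(line)
    if not line.startswith("type=AVC") or match is None:
        return None
    fields = dict(FIELD_RE.findall(line))
    obj = fields.get("path") or fields.get("name") or "?"
    return {
        "perms": match.group(1).split(),
        "comm": decode_untrusted(fields.get("comm", "")),
        "object": decode_untrusted(obj),
        # A context is user:role:type:level; the type is what policy rules name.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def summarize(log_text):
    """Merge denials into {(source type, target type, class): set of permissions}."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            merged[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return dict(merged)


def as_policy_rules(merged):
    """Render the merged denials in the allow-rule syntax that audit2allow prints."""
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        body = " ".join(sorted(perms))
        if len(perms) > 1:
            body = "{ " + body + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    first = parse_avc(SAMPLE_LOG.splitlines()[0])
    print("process name:", first["comm"])
    for rule in as_policy_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

Each comment in the report surfaces only the permissions reached after the previous ones were allowed; merging the records gives the whole access set to review in one place.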

Comment 6 Brian J. Murrell 2016-10-06 15:02:42 UTC
More AVCs once the above were allowed:

type=AVC msg=audit(1475712423.521:40956): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712423.521:40956): arch=c000003e syscall=2 success=no exit=-13 a0=11068fe0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.178:40957): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.178:40957): arch=c000003e syscall=2 success=no exit=-13 a0=1170c010 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.191:40958): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.191:40958): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.202:40959): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.202:40959): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.202:40960): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.202:40960): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.217:40961): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.217:40961): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.217:40962): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.217:40962): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.218:40963): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.218:40963): arch=c000003e syscall=2 success=no exit=-13 a0=4a0eb70 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.448:40964): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.448:40964): arch=c000003e syscall=2 success=no exit=-13 a0=11689e40 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712439.069:40965): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712439.069:40965): arch=c000003e syscall=2 success=no exit=-13 a0=116853b0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712439.352:40966): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/bayes.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15548 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712439.352:40966): arch=c000003e syscall=2 success=no exit=-13 a0=112abdb0 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726872.211:41677): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726872.211:41677): arch=c000003e syscall=2 success=no exit=-13 a0=13713930 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.264:41678): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.264:41678): arch=c000003e syscall=2 success=no exit=-13 a0=137961b0 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.301:41679): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.301:41679): arch=c000003e syscall=2 success=no exit=-13 a0=13723600 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.301:41680): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.301:41680): arch=c000003e syscall=2 success=no exit=-13 a0=13723600 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.302:41681): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.302:41681): arch=c000003e syscall=2 success=no exit=-13 a0=13723600 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.302:41682): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.302:41682): arch=c000003e syscall=2 success=no exit=-13 a0=13723600 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.302:41683): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.302:41683): arch=c000003e syscall=2 success=no exit=-13 a0=13723600 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.302:41684): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.302:41684): arch=c000003e syscall=2 success=no exit=-13 a0=13723600 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726899.572:41685): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726899.572:41685): arch=c000003e syscall=2 success=no exit=-13 a0=11b4ec90 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726900.261:41686): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726900.261:41686): arch=c000003e syscall=2 success=no exit=-13 a0=13b71390 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475726900.628:41687): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/bayes.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15548 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475726900.628:41687): arch=c000003e syscall=2 success=no exit=-13 a0=13b95470 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741206.972:42463): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741206.972:42463): arch=c000003e syscall=2 success=no exit=-13 a0=12cd1b00 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741214.980:42464): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741214.980:42464): arch=c000003e syscall=2 success=no exit=-13 a0=12551430 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741214.982:42465): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741214.982:42465): arch=c000003e syscall=2 success=no exit=-13 a0=125f69f0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741214.987:42466): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741214.987:42466): arch=c000003e syscall=2 success=no exit=-13 a0=125f69f0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741214.987:42467): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741214.987:42467): arch=c000003e syscall=2 success=no exit=-13 a0=125f69f0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741215.002:42468): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741215.002:42468): arch=c000003e syscall=2 success=no exit=-13 a0=125f69f0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741215.003:42469): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741215.003:42469): arch=c000003e syscall=2 success=no exit=-13 a0=125f69f0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741215.003:42470): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741215.003:42470): arch=c000003e syscall=2 success=no exit=-13 a0=125f69f0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741215.234:42471): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741215.234:42471): arch=c000003e syscall=2 success=no exit=-13 a0=1325aa30 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741215.693:42472): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741215.693:42472): arch=c000003e syscall=2 success=no exit=-13 a0=12abdb40 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475741215.830:42473): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/bayes.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15548 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475741215.830:42473): arch=c000003e syscall=2 success=no exit=-13 a0=12c74d10 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755700.124:43135): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755700.124:43135): arch=c000003e syscall=2 success=no exit=-13 a0=6614060 a1=0 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755708.955:43136): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755708.955:43136): arch=c000003e syscall=2 success=no exit=-13 a0=6e44400 a1=441 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755708.958:43137): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755708.958:43137): arch=c000003e syscall=2 success=no exit=-13 a0=55afa30 a1=0 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755708.958:43138): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c301.cloudmark.com.conf" dev="dm-7" ino=17015 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755708.958:43138): arch=c000003e syscall=2 success=no exit=-13 a0=55afa30 a1=0 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755708.958:43139): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755708.958:43139): arch=c000003e syscall=2 success=no exit=-13 a0=55afa30 a1=0 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755708.959:43140): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755708.959:43140): arch=c000003e syscall=2 success=no exit=-13 a0=55afa30 a1=0 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755708.959:43141): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755708.959:43141): arch=c000003e syscall=2 success=no exit=-13 a0=55afa30 a1=0 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755708.959:43142): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c302.cloudmark.com.conf" dev="dm-7" ino=15529 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755708.959:43142): arch=c000003e syscall=2 success=no exit=-13 a0=55afa30 a1=0 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755709.176:43143): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/server.c303.cloudmark.com.conf" dev="dm-7" ino=16683 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755709.176:43143): arch=c000003e syscall=2 success=no exit=-13 a0=55c4660 a1=241 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755709.606:43144): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/auto-whitelist.lock.server.interlinx.bc.ca.26883" dev="dm-7" ino=13025 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755709.606:43144): arch=c000003e syscall=2 success=no exit=-13 a0=64be6b0 a1=241 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475755709.793:43145): avc:  denied  { open } for  pid=26883 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/bayes.lock.server.interlinx.bc.ca.26883" dev="dm-7" ino=13026 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475755709.793:43145): arch=c000003e syscall=2 success=no exit=-13 a0=6f77430 a1=241 a2=1b6 a3=0 items=0 ppid=26879 pid=26883 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)

Comment 7 Brian J. Murrell 2016-10-07 13:10:26 UTC
Created attachment 1208152
spamassassin avcs

And once again, since adding local policy for the above, the new ones are in the attachment.

I guess the question at this point is, has any SELinux policy been developed for spamassassin or are these really all local to my installation?  I don't think it's terribly unique here.

Comment 8 Brian J. Murrell 2016-10-07 17:08:35 UTC
OK.  I think I know what is going on here.

Mail is coming into this machine addressed to logcheck@ and spamassassin is checking that mail for spam by setuid'ing to the "recipient"'s id, which is logcheck and so has a $HOME of /var/lib/logcheck.

logcheck here is aliased to a real user and so really, spamassassin should not be checking mail until it is being delivered to its final address, after alias processing happens.

Looking into fixing the mail configuration to do so.
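
Added example (not part of the original bug report): a short Python triage script for audit records like the ones posted in this thread. It pairs each AVC with its SYSCALL record by event id, decodes the hex-encoded comm field and the open(2) flags, and groups denials by source type, target type and directory. SAMPLE holds three events copied from the comments above; the function names are this example's own.

```python
import errno
import os.path
import re
from collections import defaultdict

# Records copied verbatim from the comments above: three events, each an
# AVC record plus the SYSCALL record sharing its timestamp:serial id.
SAMPLE = r'''
type=AVC msg=audit(1475684045.668:39565): avc:  denied  { write } for  pid=1225 comm=7370616D64206368696C64 name="auto-whitelist.lock.server.interlinx.bc.ca.1225" dev="dm-7" ino=15530 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475684045.668:39565): arch=c000003e syscall=2 success=no exit=-13 a0=f603110 a1=241 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712423.521:40956): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.spamassassin/user_prefs" dev="dm-7" ino=15432 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712423.521:40956): arch=c000003e syscall=2 success=no exit=-13 a0=11068fe0 a1=0 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1475712438.178:40957): avc:  denied  { open } for  pid=1225 comm=7370616D64206368696C64 path="/var/lib/logcheck/.razor/razor-agent.log" dev="dm-7" ino=15525 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1475712438.178:40957): arch=c000003e syscall=2 success=no exit=-13 a0=1170c010 a1=441 a2=1b6 a3=0 items=0 ppid=28370 pid=1225 auid=4294967295 uid=0 gid=0 euid=993 suid=0 fsuid=993 egid=991 sgid=0 fsgid=991 tty=(none) ses=4294967295 comm=7370616D64206368696C64 exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)
'''

RECORD_RE = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r'\{ ([^}]*) \}')

# open(2) flag bits on x86_64 (arch=c000003e, syscall=2 in the records).
ACCESS_MODES = {0: 'O_RDONLY', 1: 'O_WRONLY', 2: 'O_RDWR'}
OPEN_BITS = [(0x40, 'O_CREAT'), (0x80, 'O_EXCL'),
             (0x200, 'O_TRUNC'), (0x400, 'O_APPEND')]


def decode_audit_string(value):
    """audit quotes plain strings and hex-encodes those containing spaces
    or control bytes, which is why comm shows up as a hex run here."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value


def decode_open_flags(a1_hex):
    """Turn the hex a1 argument of open(2) into symbolic flag names."""
    flags = int(a1_hex, 16)
    names = [ACCESS_MODES.get(flags & 3, 'O_ACCMODE?')]
    names += [name for bit, name in OPEN_BITS if flags & bit]
    return '|'.join(names)


def parse_events(text):
    """Group records by event id; an event may carry several AVC records."""
    events = defaultdict(lambda: {'AVC': [], 'SYSCALL': {}})
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = dict(FIELD_RE.findall(body))
        if rtype == 'AVC':
            perms = PERMS_RE.search(body)
            fields['perms'] = perms.group(1).split() if perms else []
            fields['denied'] = bool(re.search(r'avc:\s+denied', body))
            events[event_id]['AVC'].append(fields)
        elif rtype == 'SYSCALL':
            events[event_id]['SYSCALL'] = fields
    return events


def denials(text):
    """One row per denied AVC, enriched from the matching SYSCALL record."""
    rows = []
    for event_id, recs in parse_events(text).items():
        sc = recs['SYSCALL']
        is_open = sc.get('arch') == 'c000003e' and sc.get('syscall') == '2'
        for avc in recs['AVC']:
            if not avc['denied']:
                continue
            rows.append({
                'event': event_id,
                'comm': decode_audit_string(avc.get('comm', '')),
                'perms': avc['perms'],
                'source_type': avc['scontext'].split(':')[2],
                'target_type': avc['tcontext'].split(':')[2],
                'tclass': avc['tclass'],
                'target': decode_audit_string(avc.get('path', avc.get('name', '?'))),
                'euid': sc.get('euid'),
                'open_flags': decode_open_flags(sc['a1']) if is_open else None,
                'errno': errno.errorcode.get(-int(sc['exit'])) if 'exit' in sc else None,
            })
    return rows


def summarize(rows):
    """Collapse rows to (source type, target type, class) -> perms and dirs."""
    groups = defaultdict(lambda: {'perms': set(), 'dirs': set()})
    for r in rows:
        g = groups[(r['source_type'], r['target_type'], r['tclass'])]
        g['perms'].update(r['perms'])
        if r['target'].startswith('/'):   # name= records carry no directory
            g['dirs'].add(os.path.dirname(r['target']))
    return {k: {'perms': sorted(v['perms']), 'dirs': sorted(v['dirs'])}
            for k, v in groups.items()}


if __name__ == '__main__':
    for row in denials(SAMPLE):
        print(row)
    print(summarize(denials(SAMPLE)))
```

A single source/target type pair with every path under one home directory is the pattern to look for: it points at whose $HOME the daemon is working in rather than at a missing rule per file.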

Comment 10 R P Herrold 2017-08-30 18:16:03 UTC
no SELinux messages, and no spam assassin here but still getting the denials -- possibly a perlish mktemp is failing as well?

[root@router selinux]# grep denied /var/log/audit/audit.log
[root@router selinux]# cat /etc/redhat-release ; date
CentOS Linux release 7.3.1611 (Core) 
Wed Aug 30 14:14:39 EDT 2017
[root@router selinux]# rpm -qa | grep spam
[root@router selinux]#

Comment 11 R P Herrold 2017-08-30 18:42:10 UTC
ran: sudo -u logcheck strace logcheck -o -t > stdout.txt 2> stderr.txt

[root@router logcheck]# wc -l *txt
 10228 stderr.txt
     1 stdout.txt

[root@router logcheck]# grep denied /var/log/audit/audit.log
[root@router logcheck]#

seen: a strange ioctl message:

rt_sigaction(SIGCHLD, {0x441200, [], SA_RESTORER|SA_RESTART, 0x7f41505bc250}, {SIG_DFL, [], SA_RESTORER|SA_RESTART, 0x7f41505bc250}, 8) = 0
getrlimit(RLIMIT_NPROC, {rlim_cur=4*1024, rlim_max=30649}) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
open("/sbin/logcheck", O_RDONLY)        = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7ffd0f6aec10) = -1 ENOTTY (Inappropriate ioctl for device)
lseek(3, 0, SEEK_CUR)                   = 0
read(3, "#!/bin/bash\n#\n# Copyright (C) 20"..., 80) = 80
lseek(3, 0, SEEK_SET)                   = 0

so turn on bash logging

[root@router sbin]# diff -u logcheck  RPH-logcheck
--- logcheck    2015-01-05 11:11:22.000000000 -0500
+++ RPH-logcheck        2017-08-30 14:31:09.271188109 -0400
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/bash -x
+#      RPH adds a bash logging increase
 #
 # Copyright (C) 2004-2012 Debian Logcheck Team
 #                         <logcheck-devel.debian.org>
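Review bot: on the shebang line, `#!/bin/bash -x` turns xtrace on for every run of this copy, not only the debugging run, and the trace is written to stderr, where it ends up interleaved with the strace output. Invoking the unmodified script as `bash -x logcheck -o -t` gives the same trace without editing the file; if the patched copy is kept, the added comment should say that it is a temporary debugging change.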
[root@router sbin]# 

and another copy in /usr/sbin

[root@router sbin]# diff -u logcheck  RPH-logcheck
--- logcheck    2015-01-05 11:11:22.000000000 -0500
+++ RPH-logcheck        2017-08-30 14:34:09.210690031 -0400
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/bash -x
+#      RPH and the same in /usr/sbin 
 #
 # Copyright (C) 2004-2012 Debian Logcheck Team
 #                         <logcheck-devel.debian.org>
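Review bot: the same `-x` shebang change is applied here against a file with the same original timestamp as in the previous diff (2015-01-05 11:11:22), so confirm whether /sbin and /usr/sbin resolve to the same directory before maintaining two patched copies. The added comment line also ends in trailing whitespace.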
[root@router sbin]# pwd
/usr/sbin
[root@router sbin]# 


run it:

[root@router logcheck]# sudo -u logcheck strace /usr/sbin/RPH-logcheck -o -t > RPH-stdout.txt  2> RPH-stderr.txt
[root@router logcheck]# ls -al
total 1356
drwxr-xr-x.  2 root root     82 Aug 30 14:35 .
dr-xr-x---. 14 root root   4096 Aug 30 14:20 ..
-rw-r--r--.  1 root root 745587 Aug 30 14:35 RPH-stderr.txt
-rw-r--r--.  1 root root     45 Aug 30 14:35 RPH-stdout.txt
-rw-r--r--.  1 root root 623978 Aug 30 14:21 stderr.txt
-rw-r--r--.  1 root root     45 Aug 30 14:21 stdout.txt
[root@router logcheck]# wc -l R*txt
 12893 RPH-stderr.txt
     1 RPH-stdout.txt

look for E NO ...

[root@router logcheck]# reset
[root@router logcheck]# grep EN RPH-stderr.txt 
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 2268928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f36ca99f000
mmap(0x7f36cabc4000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f36cabc4000
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f36ca79b000
mmap(0x7f36ca99d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f36ca99d000
mmap(NULL, 3932672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f36ca3da000
mmap(0x7f36ca790000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f36ca790000
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7ffc0d65b030) = -1 ENOTTY (Inappropriate ioctl for device)
write(2, "+ SENDMAILTO=root\n", 18+ SENDMAILTO=root
write(2, "+ EVENTSSUBJECT='System Events'\n", 32+ EVENTSSUBJECT='System Events'
write(2, "++ SENDMAILTO=logcheck\n", 23++ SENDMAILTO=logcheck
stat("/sbin/lockfile-create", 0x7ffc0d65acf0) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/cracking", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
stat("/sbin/mkdir", 0x7ffc0d65a4d0)     = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/violations", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/violations-ignore", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/ignore", 0x7ffc0d65a500) = -1 ENOENT (No such file or directory)
stat("/sbin/lockfile-remove", 0x7ffc0d6596d0) = -1 ENOENT (No such file or directory)
stat("/var/lock/logcheck/logcheck.lock", 0x7ffc0d65a710) = -1 ENOENT (No such file or directory)
stat("/sbin/rm", 0x7ffc0d65a5c0)        = -1 ENOENT (No such file or directory)
[root@router logcheck]# 

This looks sketchy

ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7ffc0d65b030) = -1 ENOTTY (Inappropriate ioctl for device)


as I recall there are 'per user' /tmp/ 's 'recently' ... might this be in play with some mktemp tempdir change needed?


[root@router ~]# cd logcheck/
[root@router logcheck]# grep mkdir *txt
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/cra"..., 38+ mkdir /tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:stat("/sbin/mkdir", 0x7ffc0d65a4d0)     = -1 ENOENT (No such file or directory)
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", X_OK)              = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", R_OK)              = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", X_OK)              = 0
RPH-stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
RPH-stderr.txt:access("/bin/mkdir", R_OK)              = 0
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 40+ mkdir /tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 47+ mkdir /tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/ign"..., 36+ mkdir /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/log"..., 39+ mkdir /tmp/logcheck.b8maUs/logoutput
stderr.txt:stat("/sbin/mkdir", 0x7ffd0f6ae0b0)     = -1 ENOENT (No such file or directory)
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", X_OK)              = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", R_OK)              = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", X_OK)              = 0
stderr.txt:stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
stderr.txt:access("/bin/mkdir", R_OK)              = 0
[root@router logcheck]# grep b8maUs *txt
RPH-stderr.txt:"/tmp/logcheck.b8maUs\n", 128)  = 21
RPH-stderr.txt:write(2, "+ TMPDIR=/tmp/logcheck.b8maUs\n", 30+ TMPDIR=/tmp/logcheck.b8maUs
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/crack"..., 68+ cleanrules /etc/logcheck/cracking.d /tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/c"..., 40+ cleaned=/tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 47+ '[' '!' -d /tmp/logcheck.b8maUs/cracking ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/cracking", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/cra"..., 38+ mkdir /tmp/logcheck.b8maUs/cracking
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/viola"..., 72+ cleanrules /etc/logcheck/violations.d /tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/v"..., 42+ cleaned=/tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 49+ '[' '!' -d /tmp/logcheck.b8maUs/violations ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/violations", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 40+ mkdir /tmp/logcheck.b8maUs/violations
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/viola"..., 86+ cleanrules /etc/logcheck/violations.ignore.d /tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/v"..., 49+ cleaned=/tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 56+ '[' '!' -d /tmp/logcheck.b8maUs/violations-ignore ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/violations-ignore", 0x7ffc0d65a610) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/vio"..., 47+ mkdir /tmp/logcheck.b8maUs/violations-ignore
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/ignor"..., 71+ cleanrules /etc/logcheck/ignore.d.server /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/i"..., 38+ cleaned=/tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 45+ '[' '!' -d /tmp/logcheck.b8maUs/ignore ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/ignore", 0x7ffc0d65a500) = -1 ENOENT (No such file or directory)
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/ign"..., 36+ mkdir /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ cleanrules /etc/logcheck/ignor"..., 73+ cleanrules /etc/logcheck/ignore.d.paranoid /tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ cleaned=/tmp/logcheck.b8maUs/i"..., 38+ cleaned=/tmp/logcheck.b8maUs/ignore
RPH-stderr.txt:write(2, "+ '[' '!' -d /tmp/logcheck.b8maU"..., 45+ '[' '!' -d /tmp/logcheck.b8maUs/ignore ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs/ignore", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
RPH-stderr.txt:write(2, "+ mkdir /tmp/logcheck.b8maUs/log"..., 39+ mkdir /tmp/logcheck.b8maUs/logoutput
RPH-stderr.txt:write(2, "+ '[' -d /tmp/logcheck.b8maUs ']"..., 34+ '[' -d /tmp/logcheck.b8maUs ']'
RPH-stderr.txt:stat("/tmp/logcheck.b8maUs", {st_mode=S_IFDIR|0700, st_size=91, ...}) = 0
RPH-stderr.txt:write(2, "+ debug 'cleanup: Removing - /tm"..., 51+ debug 'cleanup: Removing - /tmp/logcheck.b8maUs'
RPH-stderr.txt:write(2, "+ rm -r /tmp/logcheck.b8maUs\n", 29+ rm -r /tmp/logcheck.b8maUs
[root@router logcheck]# 



I'll dial out the rmdir and we can look
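Added example (not part of the original comment, and not logcheck code): the `grep EN` output above also matches `MAP_DENYWRITE` and `SENDMAILTO`, and several of the ENOENT lines are PATH lookups such as `/sbin/mkdir` that succeed at `/bin/mkdir`. This filter keeps only calls that returned `-1` and drops ENOENT misses that were resolved in another directory; the function names `failed_syscalls` and `sample_trace` are made up here, and the sample lines are copied from the trace on this page.

```shell
#!/bin/sh
# Added example: list the real failures in an strace log.
# Sample lines below are copied from the trace quoted on this page.
sample_trace() {
    cat <<'EOF'
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 2268928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f36ca99f000
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7ffc0d65b030) = -1 ENOTTY (Inappropriate ioctl for device)
write(2, "+ SENDMAILTO=root\n", 18+ SENDMAILTO=root
stat("/sbin/lockfile-create", 0x7ffc0d65acf0) = -1 ENOENT (No such file or directory)
stat("/tmp/logcheck.b8maUs/ignore", 0x7ffc0d65a500) = -1 ENOENT (No such file or directory)
stat("/sbin/mkdir", 0x7ffc0d65a4d0)     = -1 ENOENT (No such file or directory)
stat("/bin/mkdir", {st_mode=S_IFREG|0755, st_size=79768, ...}) = 0
access("/bin/mkdir", X_OK)              = 0
stat("/tmp/logcheck.b8maUs/ignore", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
EOF
}

# failed_syscalls FILE: print "ERRNO syscall path" for each failed call.
# The file is read twice: once to learn which lookups succeeded, once to report.
failed_syscalls() {
    awk '
    function first_quoted(line) {
        if (match(line, /"[^"]*"/)) return substr(line, RSTART + 1, RLENGTH - 2)
        return "-"
    }
    function base(p) { sub(/.*\//, "", p); return p }

    # Pass 1: remember the full path at which each basename was found.
    NR == FNR {
        if ($0 ~ /^(stat|lstat|access|execve)\(/ && $0 ~ /\) *= 0$/) {
            p = first_quoted($0); found[base(p)] = p
        }
        next
    }
    # Pass 2: only a return value of "-1 ERRNO" is a failure, so flag
    # names such as MAP_DENYWRITE or echoed shell text never match.
    match($0, /= -1 E[A-Z0-9]+ /) {
        errno = substr($0, RSTART + 5, RLENGTH - 6)
        call = $0; sub(/\(.*/, "", call)
        p = first_quoted($0); b = base(p)
        # Same name found in a different directory: a PATH search miss.
        if (errno == "ENOENT" && (b in found) && found[b] != p) next
        print errno, call, p
    }
    ' "$1" "$1"
}

if [ "$#" -gt 0 ]; then
    failed_syscalls "$1"
else
    t=$(mktemp); sample_trace > "$t"; failed_syscalls "$t"; rm -f "$t"
fi
```

The miss on `/tmp/logcheck.b8maUs/ignore` is kept even though the same path is found later, because a directory that appears between two checks is a state change rather than a PATH search.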

Comment 12 R P Herrold 2017-08-30 18:48:30 UTC
actually there is a debugging hook I can add in the config file

    if [ -d "$TMPDIR" ]; then
        # Remove the tmp directory
        if [ "$NOCLEANUP" -eq 0 ];then
            cd $STATEDIR
            debug "cleanup: Removing - $TMPDIR"
            rm -r "$TMPDIR"
        else
            debug "cleanup: Not removing - $TMPDIR"
        fi
    fi

[root@router logcheck]# mv RPH-stdout.txt  1-RPH-stdout.txt 
[root@router logcheck]# mv RPH-stderr.txt 1-RPH-stderr.txt 
[root@router logcheck]# sudo -u logcheck strace /usr/sbin/RPH-logcheck -o -t > RPH-stdout.txt  2> RPH-stderr.txt^C
[root@router logcheck]# diff -u /etc/logcheck/logcheck.conf-ORIG /etc/logcheck/logcheck.conf 
--- /etc/logcheck/logcheck.conf-ORIG    2017-08-30 14:45:22.644180258 -0400
+++ /etc/logcheck/logcheck.conf 2017-08-30 14:45:45.447871495 -0400
@@ -83,3 +83,8 @@
 # location, such as /var/tmp
 
 TMP="/tmp"
+
+
+##
+## RPH
+NOCLEANUP=1
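Review bot: NOCLEANUP=1 is appended to logcheck.conf as a standing setting, so every later run that reads this file, not only the strace session, will take the "Not removing" branch of the cleanup code quoted above and leave a /tmp/logcheck.* directory behind. Take the line out again once the directory has been inspected (the -ORIG copy makes that a one-step restore), and replace the bare "## RPH" marker with a comment saying this is a temporary debugging override.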
[root@router logcheck]# sudo -u logcheck strace /usr/sbin/RPH-logcheck -o -t > RPH-stdout.txt  2> RPH-stderr.txt

and that left a logfile directory behind

[root@router logcheck]# ls /tmp
firefox_herrold
hsperfdata_root
logcheck.2iXr1S

Comment 13 R P Herrold 2017-08-30 18:54:09 UTC
and the sub-directories have content

[root@router logcheck]# cd /tmp/logcheck.2iXr1S
[root@router logcheck.2iXr1S]# ls -al
total 8
drwx------.  7 logcheck logcheck   91 Aug 30 14:47 .
drwxrwxrwt. 13 root     root     4096 Aug 30 14:48 ..
drwx------.  2 logcheck logcheck   81 Aug 30 14:47 cracking
drwx------.  2 logcheck logcheck 4096 Aug 30 14:47 ignore
drwx------.  2 logcheck logcheck   21 Aug 30 14:47 logoutput
drwx------.  2 logcheck logcheck   52 Aug 30 14:47 violations
drwx------.  2 logcheck logcheck   44 Aug 30 14:47 violations-ignore
[root@router logcheck.2iXr1S]# du -sh *
24K     cracking
652K    ignore
4.0K    logoutput
16K     violations
8.0K    violations-ignore
[root@router logcheck.2iXr1S]# 

lots of irrelevant files, but some have content

[root@router logcheck.2iXr1S]# find . -type f  -a -exec wc -l {} \;
1 ./cracking/kernel
1 ./cracking/rlogind
1 ./cracking/rsh
4 ./cracking/smartd
1 ./cracking/tftpd
1 ./cracking/uucico
2 ./violations/kernel
3 ./violations/smartd
4 ./violations/su
3 ./violations/sudo
9 ./violations-ignore/logcheck-su
5 ./violations-ignore/logcheck-sudo
3 ./ignore/NetworkManager
8 ./ignore/acpid
1 ./ignore/amandad
5 ./ignore/amavisd-new
8 ./ignore/anacron
2 ./ignore/anon-proxy
1 ./ignore/apache
1 ./ignore/apcupsd
2 ./ignore/arpwatch
1 ./ignore/asterisk
16 ./ignore/automount
37 ./ignore/bind
8 ./ignore/bluez-utils
20 ./ignore/courier
2 ./ignore/cpqarrayd
5 ./ignore/cpufreqd
12 ./ignore/cron
23 ./ignore/cron-apt
9 ./ignore/cups-lpd
1 ./ignore/cvs-pserver
2 ./ignore/cvsd
6 ./ignore/cyrus
7 ./ignore/dbus
4 ./ignore/dcc
2 ./ignore/ddclient
24 ./ignore/dhclient
40 ./ignore/dhcp
1 ./ignore/dictd
2 ./ignore/dkfilter
2 ./ignore/dkim-filter
5 ./ignore/dnsmasq
26 ./ignore/dovecot
4 ./ignore/dropbear
2 ./ignore/dspam
1 ./ignore/epmd
12 ./ignore/exim4
1 ./ignore/fcron
1 ./ignore/ftpd
1 ./ignore/git-daemon
4 ./ignore/gnu-imap4d
4 ./ignore/gps
1 ./ignore/grinch
2 ./ignore/horde3
8 ./ignore/hplip
19 ./ignore/hylafax
5 ./ignore/ikiwiki
6 ./ignore/imap
4 ./ignore/imapproxy
1 ./ignore/imp
1 ./ignore/imp4
65 ./ignore/innd
17 ./ignore/ipppd
3 ./ignore/isdnlog
13 ./ignore/isdnutils
24 ./ignore/jabberd
81 ./ignore/kernel
1 ./ignore/klogind
3 ./ignore/krb5-kdc
1 ./ignore/libpam-krb5
2 ./ignore/libpam-mount
12 ./ignore/logcheck
3 ./ignore/login
10 ./ignore/maradns
74 ./ignore/mldonkey-server
3 ./ignore/mon
1 ./ignore/mountd
23 ./ignore/nagios
5 ./ignore/netconsole
2 ./ignore/nfs
3 ./ignore/nntpcache
1 ./ignore/nscd
1 ./ignore/nslcd
80 ./ignore/openvpn
1 ./ignore/otrs
2 ./ignore/passwd
53 ./ignore/pdns
4 ./ignore/perdition
2 ./ignore/policyd
4 ./ignore/popa3d
189 ./ignore/postfix
2 ./ignore/postfix-policyd
20 ./ignore/ppp
10 ./ignore/pptpd
1 ./ignore/procmail
23 ./ignore/proftpd
2 ./ignore/puppetd
11 ./ignore/pure-ftpd
7 ./ignore/pureftp
7 ./ignore/qpopper
5 ./ignore/rbldnsd
2 ./ignore/rpc_statd
3 ./ignore/rsnapshot
12 ./ignore/rsync
2 ./ignore/sa-exim
11 ./ignore/samba
8 ./ignore/saned
2 ./ignore/sasl2-bin
10 ./ignore/saslauthd
3 ./ignore/schroot
1 ./ignore/scponly
2 ./ignore/slapd
26 ./ignore/smartd
1 ./ignore/smbd_audit
3 ./ignore/smokeping
2 ./ignore/snmpd
35 ./ignore/snort
1 ./ignore/spamc
36 ./ignore/spamd
78 ./ignore/squid
51 ./ignore/ssh
8 ./ignore/stunnel
8 ./ignore/su
4 ./ignore/sudo
34 ./ignore/sympa
1 ./ignore/syslogd
4 ./ignore/systemd
5 ./ignore/teapop
3 ./ignore/telnetd
3 ./ignore/tftpd
3 ./ignore/thy
1 ./ignore/ucd-snmp
2 ./ignore/upsd
3 ./ignore/uptimed
2 ./ignore/userv
1 ./ignore/vsftpd
6 ./ignore/watchdog
1 ./ignore/wu-ftpd
7 ./ignore/xinetd
5 ./ignore/incron
1 ./ignore/sysklogd
1 ./ignore/tripwire
1 ./ignore/usb
1 ./logoutput/messages
[root@router logcheck.2iXr1S]# 

but they all look like print formats rather than content
[root@router logcheck.2iXr1S]# find . -type f  -a -exec wc -l {} \; | grep -v "^1 " | grep -v ignore
4 ./cracking/smartd
2 ./violations/kernel
3 ./violations/smartd
4 ./violations/su
3 ./violations/sudo
[root@router logcheck.2iXr1S]# cat ./cracking/smartd ./violations/kernel ./violations/smartd ./violations/su ./violations/sudo 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 5 Reallocated_Sector_Ct changed from [[:digit:]]+ to [[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 197 Current_Pending_Sector changed from [[:digit:]]+ to [1-9][[:digit:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 198 Offline_Uncorrectable changed from [[:digit:]]+ to [1-9][[:digit:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 199 UDMA_CRC_Error_Count changed from [[:digit:]]+ to [[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error \(bad sector\): status=0x[[:xdigit:]]+ { DriveReady SeekComplete Error }$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? end_request: I/O error, dev [[:alnum:]]+, sector [[:digit:]]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, [[:digit:]]+ Currently unreadable \(pending\) sectors$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, [[:digit:]]+ Offline uncorrectable sectors$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature [[:digit:]]+ Celsius reached critical limit of [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+!?/[[:digit:]]+!?\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ pts/[0-9]+ [[:alnum:]]+[-:]root$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root[-:][[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$
[root@router logcheck.2iXr1S]# 



very curious

Comment 14 Lukas Vrabec 2017-10-12 12:20:40 UTC
We're going to close this bug as WONTFIX because

 * of limited capacity of selinux-policy developers
 * the bug is related to EPEL component or 3rd party SW only
 * the bug appears in unsupported configuration 

We believe this bug can be fixed via a local policy module.
For more information please see: 

 * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow

If you disagree, please re-open the bug.

Comment 15 Lukas Vrabec 2017-10-12 12:22:09 UTC
We're going to close this bug as WONTFIX because

 * of limited capacity of selinux-policy developers
 * the bug is related to EPEL component or 3rd party SW only
 * the bug appears in unsupported configuration 

We believe this bug can be fixed via a local policy module.
For more information please see: 

 * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow

If you disagree, please re-open the bug.

Comment 16 Brian J. Murrell 2017-10-12 13:17:27 UTC
(In reply to Lukas Vrabec from comment #14)
> We're going to close this bug as WONTFIX because
> 
>  * the bug is related to EPEL component or 3rd party SW only

spamassassin is in the base repository

>  * the bug appears in unsupported configuration 

What is it about my configuration that is unsupported?
 
> We believe this bug can be fixed via a local policy module.

Sure it can, and it has been.  But that doesn't help anyone/everyone else.

https://stopdisablingselinux.com/
https://ma.ttias.be/stop-disabling-selinux-real-world-guide/

> If you disagree, please re-open the bug.

Will do.

Comment 21 errata-xmlrpc 2018-10-30 09:59:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3111