Bug 191869
Summary: | selinux denials of clamscan | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Baron <dbaron> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 5 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Current | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-03-28 20:02:18 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
David Baron
2006-05-16 08:33:50 UTC
Can you turn off enforcing mode and turn on postfix_disable_trans off. Clear your log files echo > /var/log/messages setenforce 0 setsebool -P postfix_disable_trans=0 Then run some mail through your system. Collect the AVC messages and attach them here. They you can generate a loadable module audit2allow -M clamav_fix -i /var/log/messages semodule -i clamav_fix.pp setenforce 1 And see if it works. I will attempt to fix the policy to work in your environment. IIRC, I needed the postfix_disable_trans for spamassassin as well, but maybe that's been fixed too. I won't have time to mess with this for at least a week. So I don't need postfix_disable_trans at all anymore (not needed for spamassassin; doesn't help with clamscan); clamscan_disable_trans does work around this problem. I'll attach a log of the AVCs. Created attachment 129652 [details]
log of AVCs
Note that I haven't tested the audit2allow / semodule stuff on the output of that log; I just used clamscan_disable_trans instead. And it's from /var/log/audit/audit.log, not /var/log/messages . Some fixes are in selinux-policy-2.2.42-2.fc5 Closing bugs |