Bug 383041
| Summary: | perl-Razor-Agent is blocked from accessing files under home directories | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Markku Kolkka <markku.kolkka> | ||||||
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 8 | ||||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Current | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2008-01-30 19:06:20 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 258561 [details]
The latest audit log messages generated by this bug
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.0.8-58.fc8 Created attachment 267551 [details]
AVC denials from audit.log with 3.0.8-58.fc8
Installing selinux-policy-3.0.8-58.fc8 from updates-testing fixes most denials,
but not all of them.
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen. |
Description of problem: Each incoming message filtered with spamassassin generates several AVC denials when razor tries to access files in $HOME/.razor directory. SEtroubleshoot suggests turning on "spamd_enable_home_dirs" but it's already enabled and has no effect. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.0.8-52.fc8 How reproducible: always Steps to Reproduce: 1. install spamassassin and perl-Razor-Agent 2. filter incoming mail with spamc/spamd Actual results: A bunch of AVC denials for each incoming mail, e.g.: avc: denied { getattr } for comm=spamd dev=dm-1 path=/home/mk/.razor/identity pid=2374 scontext=system_u:system_r:spamd_t:s0 tclass=lnk_file tcontext=system_u:object_r:user_razor_home_t:s0 avc: denied { getattr } for comm=spamd dev=dm-1 path=/home/mk/.razor/razor-agent.conf pid=2374 scontext=system_u:system_r:spamd_t:s0 tclass=file tcontext=system_u:object_r:user_razor_home_t:s0 Expected results: Razor should be allowed to access its per-user working files. Additional info: System configuration: http://smolt.fedoraproject.org/show?UUID=f0f66cb8-0587-4345-b507-f51325db74a6