Bug 444313
| Summary: | AVC denieds by SpamAssassin via MIMEDefang | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Robert Scheck <redhat-bugzilla> |
| Component: | selinux-policy-targeted | Assignee: | Radek Vokál <rvokal> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 9 | CC: | k.georgiou, rvokal |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-11-17 22:03:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
mimedefang needs a policy written for it. Is it hard for you to work out a suitable policy for mimedefang? Because writing a hackish policy for a third party software was a bigger thing for me... just a matter of time. Josef, Could you take a stab at writing policy for MIMEDefang? Of course I'm willing to test and report etc. Hello Dan, of course :-) Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping I got a similar AVC to [1] in #448221 most likely you need a similar one so procmail can call spamassassin. [1] type=SELINUX_ERR msg=audit(1209251487.133:192969): security_compute_sid: invalid context system_u:system_r:spamassassin_t:s0 for scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:spamassassin_exec_t:s0 tclass=process Fixed in selinux-policy-3.3.1-72.fc9.noarch User jkubin's account has been closed Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed. |
Description of problem: I've several AVC denieds by SpamAssassin when it's invoked by MIMEDefang in a normal setup. AFAIK I re-assigned a few other AVC denieds related to MIMDefang to you in the past: type=USER_AUTH msg=audit(1209251487.033:192967): user pid=13454 uid=0 auid=500 subj=system_u:system_r:saslauthd_t:s0 msg='op=PAM:authentication acct="robert" exe="/usr/sbin/saslauthd" (hostname=?, addr=?, terminal=? res=success)' type=USER_ACCT msg=audit(1209251487.037:192968): user pid=13454 uid=0 auid=500 subj=system_u:system_r:saslauthd_t:s0 msg='op=PAM:accounting acct="robert" exe="/usr/sbin/saslauthd" (hostname=?, addr=?, terminal=? res=success)' type=SELINUX_ERR msg=audit(1209251487.133:192969): security_compute_sid: invalid context system_u:system_r:spamassassin_t:s0 for scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:spamassassin_exec_t:s0 tclass=process type=AVC msg=audit(1209251487.133:192969): avc: denied { write } for pid=11331 comm="spamassassin" path="pipe:[45037403]" dev=pipefs ino=45037403 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=fifo_file type=AVC msg=audit(1209251487.133:192969): avc: denied { read write } for pid=11331 comm="spamassassin" path="socket:[45037364]" dev=sockfs ino=45037364 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket type=AVC msg=audit(1209251487.133:192969): avc: denied { read } for pid=11331 comm="spamassassin" path="/var/spool/mqueue/dfm3QNBNwl011323" dev=cciss/c0d0p2 ino=1097746 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=file type=SYSCALL msg=audit(1209251487.133:192969): arch=40000003 syscall=11 success=yes exit=0 a0=bfd7f964 a1=9d2d968 a2=9d2d920 a3=9d2d9bf items=0 ppid=11330 pid=11331 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null) type=AVC msg=audit(1209251487.138:192970): avc: denied { ioctl } for pid=11331 comm="spamassassin" path="pipe:[45037403]" dev=pipefs ino=45037403 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1209251487.138:192970): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bfbf03a8 a3=bfbf03e8 items=0 ppid=11330 pid=11331 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null) type=AVC msg=audit(1209251488.814:192971): avc: denied { read } for pid=11331 comm="spamassassin" name="stat" dev=proc ino=4026531853 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=SYSCALL msg=audit(1209251488.814:192971): arch=40000003 syscall=5 success=yes exit=4 a0=5835fd a1=0 a2=1b6 a3=5835fd items=0 ppid=11330 pid=11331 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null) type=AVC msg=audit(1209251488.814:192972): avc: denied { getattr } for pid=11331 comm="spamassassin" path="/proc/stat" dev=proc ino=4026531853 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=SYSCALL msg=audit(1209251488.814:192972): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfbee0b8 a2=5aeff4 a3=8ea9078 items=0 ppid=11330 pid=11331 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null) type=AVC msg=audit(1209251488.826:192973): avc: denied { name_bind } for pid=11331 comm="spamassassin" src=17769 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket type=AVC msg=audit(1209251488.826:192973): avc: denied { node_bind } for pid=11331 comm="spamassassin" src=17769 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket type=SYSCALL msg=audit(1209251488.826:192973): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfbf06f0 a2=39b4d4 a3=10 items=0 ppid=11330 pid=11331 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null) type=AVC msg=audit(1209251489.485:192974): avc: denied { read } for pid=11331 comm="spamassassin" name="stat" dev=proc ino=4026531853 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=SYSCALL msg=audit(1209251489.485:192974): arch=40000003 syscall=5 success=yes exit=4 a0=5835fd a1=0 a2=1b6 a3=5835fd items=0 ppid=11330 pid=11331 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null) type=AVC msg=audit(1209251489.486:192975): avc: denied { getattr } for pid=11331 comm="spamassassin" path="/proc/stat" dev=proc ino=4026531853 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=SYSCALL msg=audit(1209251489.486:192975): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfbee0b8 a2=5aeff4 a3=9748058 items=0 ppid=11330 pid=11331 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:spamassassin_t:s0 key=(null) Version-Release number of selected component (if applicable): selinux-policy-3.3.1-42 How reproducible: Everytime. Actual results: AVC denieds by SpamAssassin via MIMEDefang Expected results: No AVC denieds any longer... ;-)