Bug 451631
Summary: | Problem with Spamassassin triggered by procmail | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Huffman <bloch> | ||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 9 | CC: | jkubin | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-06-24 10:04:26 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Adam Huffman
2008-06-16 10:52:54 UTC
Created attachment 309477 [details]
Alert text from sealert
This avc shows spamassassin tryint to bind to a udp socket 32230? Is this expected behaviour? You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp I'm assuming it's expected behaviour as I'm using SpamAssassin's defaults. Here's how it's triggered in .procmailrc: INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc and here's the content of that file: # send mail through spamassassin :0fw | /usr/bin/spamassassin Here's the content of /etc/sysconfig/spamassassin: # Options to spamd SPAMDOPTIONS="-d -c -m5 -H" Turn on the spamassassin_can_network boolean. If you run your AVC though audit2why it shows audit2why -i /tmp/t host=saintloup.smith.man.ac.uk type=AVC msg=audit(1213613494.259:1224): avc: denied { name_bind } for pid=5705 comm="spamassassin" src=32230 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket Was caused by: One of the following booleans was set incorrectly. Description: Allow user spamassassin clients to use the network. Allow access by executing: # setsebool -P spamassassin_can_network 1 Description: Allow system to run with NIS Allow access by executing: # setsebool -P allow_ypbind 1 |