Bug 452738
Summary: | selinux denials when using razor and spamassassin (spamd) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Carl Roth <roth> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 9 | CC: | perl-devel, redhat-bugzilla | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-11-17 22:04:48 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Carl Roth
2008-06-24 18:07:28 UTC
This is not a problem of razor/spamassassin, but of selinux-policy. Re- assigning to selinux-policy. Daniel, can you take care of it, please? Could you please attach the audit.log file that you used to generate this policy. Currently razor should be transitioning to spamd_t If you update to the current policy (selinux-policy-3.3.1-72.fc9.noarch) do you still need your custom policy? Yes, it transitions to spamd_t, at which point it no longer has access to razor's data and config files. I'm attaching the output of 'sealert -l' for the various AVCs generated when I disable my above-posted policy changes. These were generated on a system running with selinux-policy-targeted-3.3.1-74.fc9.noarch. Created attachment 311501 [details]
sealert output
You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.3.1-78.fc9.noarch Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed. |