Bug 747401
| Summary: | spamassassin - error: GPG validation faile | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Doug Maxey <dwm> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, kevin, kim-rh, mgrepl, mike, nb, tlhackque, wtogami |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.10.0-55.fc16 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-11-10 17:29:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Doug Maxey
2011-10-19 17:36:13 UTC
Also seeing this under Fedora 15. Running sa-update -D manually succeeds with the following transcript. So perhaps there's an environment variable that crond doesn't setup?
sa-update -D
Nov 5 06:13:51.606 [24543] dbg: logger: adding facilities: all
Nov 5 06:13:51.606 [24543] dbg: logger: logging level is DBG
Nov 5 06:13:51.606 [24543] dbg: generic: SpamAssassin version 3.3.2
Nov 5 06:13:51.607 [24543] dbg: generic: Perl 5.012004, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
Nov 5 06:13:51.607 [24543] dbg: config: timing enabled
Nov 5 06:13:51.607 [24543] dbg: config: score set 0 chosen.
Nov 5 06:13:51.623 [24543] dbg: dns: is Net::DNS::Resolver available? yes
Nov 5 06:13:51.623 [24543] dbg: dns: Net::DNS version: 0.66
Nov 5 06:13:51.623 [24543] dbg: generic: sa-update version svn917659
Nov 5 06:13:51.623 [24543] dbg: generic: using update directory: /var/lib/spamassassin/3.003002
Nov 5 06:13:51.801 [24543] dbg: diag: perl platform: 5.012004 linux
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Digest::SHA1, version 2.13
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: HTML::Parser, version 3.68
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Net::DNS, version 0.66
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: NetAddr::IP, version 4.037
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Time::HiRes, version 1.9719
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Archive::Tar, version 1.76
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: IO::Zlib, version 1.10
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Digest::SHA1, version 2.13
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: MIME::Base64, version 3.08
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: DB_File, version 1.82
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Net::SMTP, version 2.31
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Mail::SPF, version v2.007
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: IP::Country::Fast, version 604.001
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module not installed: Razor2::Client::Agent ('require' failed)
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module not installed: Net::Ident ('require' failed)
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.66
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: IO::Socket::SSL, version 1.40
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Compress::Zlib, version 2.033
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Mail::DKIM, version 0.39
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: DBI, version 1.615
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Getopt::Long, version 2.38
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: LWP::UserAgent, version 6.02
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: HTTP::Date, version 6.00
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Encode::Detect, version 1.01
Nov 5 06:13:51.804 [24543] dbg: gpg: Searching for 'gpg'
Nov 5 06:13:51.804 [24543] dbg: util: current PATH is: /usr/lib64/qt-3.3/bin:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
Nov 5 06:13:51.804 [24543] dbg: util: executable for gpg was found at /usr/bin/gpg
Nov 5 06:13:51.805 [24543] dbg: gpg: found /usr/bin/gpg
Nov 5 06:13:51.805 [24543] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 26C900A46DD40CD5AD24F6D7DEE01987265FA05B 0C2B1D7175B852C64B3CDC716C55397824F434CE
Nov 5 06:13:51.812 [24543] dbg: channel: attempting channel updates.spamassassin.org
Nov 5 06:13:51.812 [24543] dbg: channel: update directory /var/lib/spamassassin/3.003002/updates_spamassassin_org
Nov 5 06:13:51.812 [24543] dbg: channel: channel cf file /var/lib/spamassassin/3.003002/updates_spamassassin_org.cf
Nov 5 06:13:51.812 [24543] dbg: channel: channel pre file /var/lib/spamassassin/3.003002/updates_spamassassin_org.pre
Nov 5 06:13:51.813 [24543] dbg: channel: metadata version = 1195874
Nov 5 06:13:52.170 [24543] dbg: dns: 2.3.3.updates.spamassassin.org => 1195874, parsed as 1195874
Nov 5 06:13:52.170 [24543] dbg: channel: current version is 1195874, new version is 1195874, skipping channel
Nov 5 06:13:52.170 [24543] dbg: diag: updates complete, exiting with code 1
Installed Packages
spamassassin.x86_64 3.3.2-7.fc15 @updates
set
BASH=/bin/bash
BASHOPTS=checkwinsize:cmdhist:expand_aliases:extquote:force_fignore:hostcomplete:interactive_comments:login_shell:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="4" [1]="2" [2]="10" [3]="1" [4]="release" [5]="x86_64-redhat-linux-gnu")
BASH_VERSION='4.2.10(1)-release'
COLORS=/etc/DIR_COLORS
COLUMNS=132
CVS_RSH=ssh
DIRSTACK=()
DISPLAY=localhost:10.0
EDITOR=emacs
EUID=0
GROUPS=()
G_BROKEN_FILENAMES=1
HISTCONTROL=ignoredups
HISTFILE=/root/.bash_history
HISTFILESIZE=1000
HISTSIZE=1000
HOME=/root
HOSTNAME=hagrid.example.net
HOSTTYPE=x86_64
IFS=$' \t\n'
KDEDIRS=/usr
KDE_IS_PRELINKED=1
LANG=en_US.UTF-8
LESSOPEN='||/usr/bin/lesspipe.sh %s'
LINES=48
LOGNAME=root
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:'
MACHTYPE=x86_64-redhat-linux-gnu
MAIL=/var/spool/mail/root
MAILCHECK=60
OLDPWD=/var/log
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/lib64/qt-3.3/bin:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
PIPESTATUS=([0]="0")
PPID=3513
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
PS1='[\u@\h \W]\$ '
PS2='> '
PS4='+ '
PWD=/root
QTDIR=/usr/lib64/qt-3.3
QTINC=/usr/lib64/qt-3.3/include
QTLIB=/usr/lib64/qt-3.3/lib
SELINUX_LEVEL_REQUESTED=
SELINUX_ROLE_REQUESTED=
SELINUX_USE_CURRENT_RANGE=
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SSH_CLIENT='192.168.148.110 49610 22'
SSH_CONNECTION='192.168.148.110 49610 192.168.148.136 22'
SSH_TTY=/dev/pts/0
TERM=xterm
UID=0
USER=root
XDG_RUNTIME_DIR=/run/user/root
XDG_SESSION_ID=1
_='*spamassassin*'
colors=/etc/DIR_COLORS
__udisks ()
{
local IFS='
';
local cur="${COMP_WORDS[COMP_CWORD]}";
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--show-info" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--inhibit-polling" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--mount" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--unmount" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--detach" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--eject" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--ata-smart-refresh" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--ata-smart-simulate" ]; then
_filedir || return 0;
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--set-spindown" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
if [ "${COMP_WORDS[$(($COMP_CWORD - 1))]}" = "--poll-for-media" ]; then
COMPREPLY=($(compgen -W "$(udisks --enumerate-device-files)" -- $cur));
else
COMPREPLY=($(IFS=: compgen -W "--dump:--inhibit-polling:--inhibit-all-polling:--enumerate:--enumerate-device-files:--monitor:--monitor-detail:--show-info:--help:--mount:--mount-fstype:--mount-options:--unmount:--unmount-options:--detach:--detach-options:--eject:--eject-options:--ata-smart-refresh:--ata-smart-wakeup:--ata-smart-simulate:--set-spindown:--set-spindown-all:--spindown-timeout:--poll-for-media" -- $cur));
fi;
fi;
fi;
fi;
fi;
fi;
fi;
fi;
fi;
fi
}
_beesu ()
{
local curw;
COMPREPLY=();
curw=${COMP_WORDS[COMP_CWORD]};
COMPREPLY=($(compgen -c -f -b -- $curw));
return 0
}
command_not_found_handle ()
{
runcnf=1;
retval=127;
[ ! -S /var/run/dbus/system_bus_socket ] && runcnf=0;
[ ! -x /usr/libexec/packagekitd ] && runcnf=0;
if [ $runcnf -eq 1 ]; then
/usr/libexec/pk-command-not-found $@;
retval=$?;
else
echo "bash: $1: command not found";
fi;
return $retval
}
crontab:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=admin
HOME=/
Looks like a selinux issue: audit2allow -la #============= gpg_t ============== allow gpg_t spamd_tmp_t:file read; *** Bug 750903 has been marked as a duplicate of this bug. *** Moving this to selinux-policy for comment. Seems to be affecting f15 as well. Ah, I didn't see that. I see the SELinux denial now.
type=AVC msg=audit(1320140967.671:32657): avc: denied { read } for pid=31629 comm="gpg" name=".spamassassin31622sLIfGvtmp" dev=dm-1 ino=60031016 scontext=system_u:system_r:gpg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:spamd_tmp_t:s0 tclass=file
This is fixed in the latest F16 policy which is available from koji. (In reply to comment #6) > This is fixed in the latest F16 policy which is available from koji. Do I need to open a separate bug for F15? My AVC is from F15. selinux-policy-3.10.0-55.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-55.fc16 selinux-policy-3.10.0-55.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. |