Hide Forgot
I store amavisd-new configuration information in a MySQL database, but the SELinux policy prevents amavis_t from connecting to MySQL (amavisd-new also support PostgreSQL). type=AVC msg=audit(1380216717.948:14804): avc: denied { name_connect } for pid=22644 comm="amavisd" dest=3306 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
Well in Fedora we allow amavis to connect to myqsql stream socket, so I don't see a big difference in allowing this (In latest Fedora/RHEL7 amavis domain has been consolidated into antivirus_t) Not sure it would be worth adding a boolean for this.
Well it has been also fixed in RHEL6.5 and we have antivirus_domain also here. #cat /tmp/log|audit2allow #============= amavis_t ============== #!!!! This avc is allowed in the current policy allow amavis_t mysqld_port_t:tcp_socket name_connect So it will be a part of RHEL6.5 updates. You can add a local policy for now to allow it.
Thanks - I was already planning to add a temp local policy, and will watch for the update.