Bug 1460490 - amavisd does not work after upgrade of libdb
amavisd does not work after upgrade of libdb
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
25
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Lukas Vrabec
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-11 04:10 EDT by Kim Bisgaard
Modified: 2017-12-12 05:39 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-12 05:39:25 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
raw avcs (7.96 KB, text/plain)
2017-06-14 14:18 EDT, Kim Bisgaard
no flags Details

  None (edit)
Description Kim Bisgaard 2017-06-11 04:10:44 EDT
Description of problem:
The upgrade of libdb, results in selinux denials preventing amavid from running.

Version-Release number of selected component (if applicable):
libdb-5.3.28-21.fc25.x86_64
selinux-policy-targeted-3.13.1-225.16.fc25.noarch

How reproducible:
allways

Steps to Reproduce:
1. systemctl restart amavisd
2. ausearch  --raw | audit2allow
#============= init_t ==============

#!!!! This avc is allowed in the current policy
allow init_t antivirus_db_t:file lock;

#!!!! This avc is allowed in the current policy
allow init_t antivirus_db_t:lnk_file create;
Comment 1 Kim Bisgaard 2017-06-11 04:29:01 EDT
And this shows up in logs:
Jun 11 09:44:03 XX amavis[4937]: starting. /usr/sbin/amavisd at XX.YY.ZZ amavisd-new-2.11.0 (20160426), Unicode aware, LAN
G="en_US.UTF-8"
Jun 11 09:44:03 XX amavis[4939]: Net::Server: Group Not Defined.  Defaulting to EGID '981 981'
Jun 11 09:44:03 XX amavis[4939]: Net::Server: User Not Defined.  Defaulting to EUID '983'
Jun 11 09:44:03 XX amavis[4939]: Using primary internal av scanner code for ClamAV-clamd
Jun 11 09:44:03 XX amavis[4939]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jun 11 09:44:03 XX amavis[4939]: (!!)TROUBLE in pre_loop_hook: BDB can't create db env. at /var/spool/amavisd/db: Permission denied, Permission denied. at (eval 81) line 314.
Jun 11 09:44:03 XX amavis[4939]: (!)_DIE: Suicide () TROUBLE in pre_loop_hook: BDB can't create db env. at /var/spool/amavisd/db: Permission denied, Permission denied. at (eval 81) line 314.
Comment 2 Daniel Walsh 2017-06-14 10:56:24 EDT
It would be better for you to attach the raw avcs. This could be caused by amavis running from a different path, and therefore not labeled correctly.
Comment 3 Kim Bisgaard 2017-06-14 14:18 EDT
Created attachment 1287745 [details]
raw avcs

Like this?
Comment 4 Fedora End Of Life 2017-12-12 05:39:25 EST
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.