Bug 217221 - selinux policy (selinux-policy-2.4.3-10.fc6) breaks spamassassin
selinux policy (selinux-policy-2.4.3-10.fc6) breaks spamassassin
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-25 01:10 EST by greg hosler
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-27 11:46:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description greg hosler 2006-11-25 01:10:08 EST
Description of problem:

spamassassin does not work with selinux-policy-2.4.3-10.fc6; have not tried with
the original selinux-policy in FC-6.

Once 
Version-Release number of selected component (if applicable):


How reproducible:

install sendmail, spamassassin, send yourself mail.
Mail fails to be delivered.
Look in /var/log/maillog, and you will see the following:

     Nov 21 05:48:38 genesis procmail[23960]: Unknown user "hosler"
     (or whatever your name is)

Look in /var/log/messages, and you will see:

     Nov 25 14:13:50 genesis kernel: audit(1164435230.716:49): avc:  denied  {
read } for  pid=8666 comm="procmail" name="passwd" dev=hda5 ino=156422
scontext=system_u:system_r:procmail_t:s0 tcontext=user_u:object_r:shadow_t:s0
tclass=file
Nov 25 14:13:50 genesis kernel: audit(1164435230.716:50): avc:  denied  {
getattr } for  pid=8666 comm="procmail" name="passwd" dev=hda5 ino=156422
scontext=system_u:system_r:procmail_t:s0 tcontext=user_u:object_r:shadow_t:s0
tclass=file
Nov 25 14:13:50 genesis kernel: audit(1164435230.888:51): avc:  denied  { search
} for  pid=8666 comm="procmail" name="hosler" dev=hda17 ino=390913
scontext=system_u:system_r:procmail_t:s0 tcontext=root:object_r:file_t:s0 tclass=dir

putting selinux in non-enforcing mode (hardly desireable) enables procmail to
run (procmail is how spamassassin is triggered, kinda)


Steps to Reproduce:

See above
  
Actual results:

Mail is rejected

Expected results:

Mail to be delivered to local mailbox.

Additional info:
Comment 1 greg hosler 2006-11-25 05:04:55 EST
well... i dunno.

I just rebooted and did an selinux auto-relabel, and now everything works.

Apparently somehow something was not labeled properly.

don't know what. don't know how.

please close this bug.

-Greg

Note You need to log in before you can comment on or make changes to this bug.