Description of problem:
the files which sa-update creates have a security context (cron_var_lib_t) which isn't available to spamassassin (spam_t)

Version-Release number of selected component (if applicable):

How reproducible:
every time

Steps to Reproduce:
1. install spamassassin
2. run sa-update from /etc/cron.daily (e.g. /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log)
2.5 service spamassassin restart (part of script mentioned)
3. try to run spamc on a spam mail message (spamc < spam-mail)
4. setenforce 0
5. service spamassassin restart
6. spamc < spam-mail

Actual results:
spamc fails to correctly label mail as spam in step 3. manages to label correctly in step 6.

Expected results:
sa-update correctly labels files for use via spamassassin; spamc gives same results whether selinux is enforcing or not.

Additional info:
a) there's a bug to get sa-update running by default (#219078)
b) restorecon thinks system_u:object_r:var_lib_t should be used in /var/lib/spamassassin/3.001007/updates_spamassassin_org/ - that seems to improve things.
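A check for the mislabeling this report describes, as an added example that is not part of the original bug report or of the selinux-policy fix: it flags files whose SELinux type differs from the expected one. The function names and the sample_*.cf file names are assumptions made for the example, and var_lib_t is used as the expected type only because the report says restorecon suggests it.

```shell
#!/bin/sh
# Added example, not from the bug report or the selinux-policy package.

# Reads "<context> <path>" lines on stdin (the output format of
# `stat -c '%C %n'`) and prints "<type> <path>" for each file whose
# SELinux type differs from the expected type given as $1.
find_mislabeled() {
    expected_type=$1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        ctx=${line%% *}      # context is the first space-separated field
        path=${line#* }      # the rest is the path (may contain spaces)
        # A context is user:role:type[:level]; the level can itself hold
        # colons (s0:c0.c1023), so take field 3 rather than the last one.
        setype=$(printf '%s\n' "$ctx" | cut -s -d: -f3)
        [ -n "$setype" ] || setype=unlabeled
        if [ "$setype" != "$expected_type" ]; then
            printf '%s %s\n' "$setype" "$path"
        fi
    done
}

# Live use on an SELinux host: list every file under directory $1 whose
# type is not $2.
scan_dir() {
    find "$1" -type f -exec stat -c '%C %n' {} + | find_mislabeled "$2"
}

# Constructed sample listing (hypothetical file names) mixing files as
# shipped with files as left behind by a cron-run sa-update.
sample_listing() {
    d=/var/lib/spamassassin/3.001007/updates_spamassassin_org
    cat <<EOF
system_u:object_r:var_lib_t $d/sample_a.cf
root:object_r:cron_var_lib_t $d/sample_b.cf
system_u:object_r:cron_var_lib_t:s0 $d/sample_c.cf
system_u:object_r:var_lib_t:s0:c0.c1023 $d/sample_d.cf
EOF
}

sample_listing | find_mislabeled var_lib_t
```

On a live host, `scan_dir /var/lib/spamassassin var_lib_t` run after the cron job gives the same report for the real rule files.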
Created attachment 147052: listing of sample files from sa default rules and updated ones + audit log.
Fixed in selinux-policy-2.4.6-35
Moving modified bugs to closed