226613 – sa-update creates files with wrong context for spamassassin

Bug 226613 - sa-update creates files with wrong context for spamassassin

Summary: sa-update creates files with wrong context for spamassassin

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-01-31 21:28 UTC by Michael De La Rue
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:	Current
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-09-12 17:08:18 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
listing of sample files from sa default rules and updated ones + audit log. (1.39 KB, text/plain) 2007-01-31 21:28 UTC, Michael De La Rue	no flags	Details
View All

Description Michael De La Rue 2007-01-31 21:28:22 UTC

Description of problem:
the files which sa-update creates have a security context (cron_var_lib_t) which
isn't available to spamassassin (spam_t)

Version-Release number of selected component (if applicable):


How reproducible:
every time

Steps to Reproduce:
1. install spamassassin
2. run sa-update from /etc/cron.daily (e.g
/usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log)
2.5 service spamassassin restart (part of script mentioned)
3. try to run spamc on a spam mail message (spamc < spam-mail)
4. setenforce 0
5. service spamassassin restart
6. spamc < spam-mail
  
Actual results:
spamc fails to correctly label mail as spam in step 3.  manages to label
correctly in step 6.

Expected results:
sa-update correctly labels files for use via spamassassin; spamc give same
results whether selinux is enforcing or not. 


Additional info:
a) there's a bug to get sa-update running by default (#219078)
b) restorecon thinks system_u:object_r:var_lib_t should be used in
/var/lib/spamassassin/3.001007/updates_spamassassin_org/ - that seems to improve
things.

Comment 1 Michael De La Rue 2007-01-31 21:28:23 UTC

Created attachment 147052 [details]
listing of sample files from sa default rules and updated ones + audit log.

Comment 2 Daniel Walsh 2007-02-01 20:55:05 UTC

Fixed in selinux-policy-2.4.6-35

Comment 3 Daniel Walsh 2007-09-12 17:08:18 UTC

Moving modified bugs to closed

Note You need to log in before you can comment on or make changes to this bug.