Bug 226613 - sa-update creates files with wrong context for spamassassin
sa-update creates files with wrong context for spamassassin
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2007-01-31 16:28 EST by Michael De La Rue
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-12 13:08:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
listing of sample files from sa default rules and updated ones + audit log. (1.39 KB, text/plain)
2007-01-31 16:28 EST, Michael De La Rue
no flags Details

  None (edit)
Description Michael De La Rue 2007-01-31 16:28:22 EST
Description of problem:
the files which sa-update creates have a security context (cron_var_lib_t) which
isn't available to spamassassin (spam_t)

Version-Release number of selected component (if applicable):

How reproducible:
every time

Steps to Reproduce:
1. install spamassassin
2. run sa-update from /etc/cron.daily (e.g
/usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log)
2.5 service spamassassin restart (part of script mentioned)
3. try to run spamc on a spam mail message (spamc < spam-mail)
4. setenforce 0
5. service spamassassin restart
6. spamc < spam-mail
Actual results:
spamc fails to correctly label mail as spam in step 3.  manages to label
correctly in step 6.

Expected results:
sa-update correctly labels files for use via spamassassin; spamc give same
results whether selinux is enforcing or not. 

Additional info:
a) there's a bug to get sa-update running by default (#219078)
b) restorecon thinks system_u:object_r:var_lib_t should be used in
/var/lib/spamassassin/3.001007/updates_spamassassin_org/ - that seems to improve
Comment 1 Michael De La Rue 2007-01-31 16:28:23 EST
Created attachment 147052 [details]
listing of sample files from sa default rules and updated ones + audit log.
Comment 2 Daniel Walsh 2007-02-01 15:55:05 EST
Fixed in selinux-policy-2.4.6-35
Comment 3 Daniel Walsh 2007-09-12 13:08:18 EDT
Moving modified bugs to closed

Note You need to log in before you can comment on or make changes to this bug.