Bug 238325 - AVC denied when accessing /var/lib/spamassassin
AVC denied when accessing /var/lib/spamassassin
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-29 07:04 EDT by Robert Scheck
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-22 10:15:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2007-04-29 07:04:06 EDT
Description of problem:
type=AVC msg=audit(1177844482.191:174250): avc:  denied  { read } for  pid=2485 
comm="spamassassin" name="3.002000" dev=cciss/c0d0p2 ino=213219 
scontext=user_u:system_r:procmail_t:s0 
tcontext=user_u:object_r:spamd_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1177844482.191:174250): arch=40000003 syscall=5 
success=yes exit=3 a0=9fbb928 a1=18800 a2=3 a3=9f07488 items=0 ppid=2484 
pid=2485 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 
fsgid=100 tty=(none) comm="spamassassin" exe="/usr/bin/perl" 
subj=user_u:system_r:procmail_t:s0 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-2.6.1-1
selinux-policy-targeted-2.6.1-1

Actual results:
AVC denied when accessing /var/lib/spamassassin (by procmail?)

Expected results:
No AVC denied message.
Comment 1 Robert Scheck 2007-04-29 14:30:07 EDT
Oh and SpamAssassin must be allowed to access this directory; any updates by
sa-update will be put into there.
Comment 2 Daniel Walsh 2007-04-30 08:41:25 EDT
Fixed in selinux-policy-targeted-2.6.3-1
Comment 3 Robert Scheck 2007-05-25 16:27:34 EDT
NO! This bug is not fixed in selinux-policy-targeted-2.6.4-8:

type=AVC msg=audit(1180124312.557:188618): avc:  denied  { read } for  
pid=18541 comm="spamassassin" name="3.002000" dev=cciss/c0d0p2 ino=21321
9 scontext=user_u:system_r:procmail_t:s0 
tcontext=user_u:object_r:spamd_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1180124312.557:188618): arch=40000003 syscall=5 
success=yes exit=3 a0=a28f9c8 a1=18800 a2=3 a3=a1db540 items=0 ppid=1854
0 pid=18541 auid=500 uid=506 gid=501 euid=506 suid=506 fsuid=506 egid=501 
sgid=501 fsgid=501 tty=(none) comm="spamassassin" exe="/usr/bin/perl"
 subj=user_u:system_r:procmail_t:s0 key=(null)
Comment 4 Daniel Walsh 2007-05-29 10:27:57 EDT
Fix will be in  2.6.4-10
Comment 5 Robert Scheck 2007-06-10 18:00:14 EDT
DANIEL! This bug is also NOT fixed in selinux-policy-targeted-2.6.5-2:

Raw Audit Messages

avc: denied { read } for comm="spamassassin" dev=cciss/c0d0p2 egid=100 euid=500
exe="/usr/bin/perl" exit=3 fsgid=100 fsuid=500 gid=100 items=0 name="3.002000"
pid=20326 scontext=system_u:system_r:procmail_t:s0 sgid=100
subj=system_u:system_r:procmail_t:s0 suid=500 tclass=dir
tcontext=user_u:object_r:spamd_var_lib_t:s0 tty=(none) uid=500
Comment 6 Daniel Walsh 2007-06-11 10:41:53 EDT
Fix will be selinux-policy-3.0.0  It is in fc7.
Comment 7 Daniel Walsh 2007-08-22 10:15:12 EDT
Should be fixed in the current release

Note You need to log in before you can comment on or make changes to this bug.