Description of problem: SELinux policy preventing spamassassin from creating new files Version-Release number of selected component (if applicable): spamass-milter.i386 0.3.1-4.fc6 installed spamassassin.i386 3.2.1-1.fc7 installed selinux-policy.noarch 2.6.4-14.fc7 installed selinux-policy-targeted.noarch 2.6.4-14.fc7 installed How reproducible: Have recently installed spamass-milter and spamassassin and configured sendmail to use both as per spamass-milter's readme. When an email is received sendmail calls spamassassin to check for spam. During its processing, spamassassasin wishes to create a number of files in /var/run/spam* (see below) but cannot due to policy. Steps to Reproduce: 1. Send an email to sendmail Actual results: This is /var/log/maillog when an email has been received: Jun 18 11:09:09 sally sendmail[7327]: l5IA98pq007327: from=<...>, size=3401, class=0, nrcpts=1, msgid=<...>, proto=ESMTP, daemon=MTA, relay=... Jun 18 11:09:10 sally spamd[30491]: spamd: connection from ... [127.0.0.1] at port 55496 Jun 18 11:09:10 sally spamd[30491]: spamd: setuid to sa-milt succeeded Jun 18 11:09:10 sally spamd[30491]: spamd: creating default_prefs: /var/run/spamass-milter/.spamassassin/user_prefs Jun 18 11:09:10 sally spamd[30491]: config: cannot write to /var/run/spamass-milter/.spamassassin/user_prefs: No such file or directory Jun 18 11:09:10 sally spamd[30491]: spamd: failed to create readable default_prefs: /var/run/spamass-milter/.spamassassin/user_prefs Jun 18 11:09:10 sally spamd[30491]: spamd: processing message <...> for sa-milt:117 Jun 18 11:09:21 sally spamd[30491]: pyzor: check failed: internal error Jun 18 11:09:21 sally spamd[30491]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /var/run/spamass-milter/.spamassassin/auto-whitelist.lock.sally.thompson.30491 for /var/run/spamass-milter/.spamassassin/auto-whitelist.lock: No such file or directory Jun 18 11:09:21 sally spamd[30491]: spamd: clean message (-0.0/5.0) for sa-milt:117 in 11.5 seconds, 3829 bytes. Jun 18 11:09:21 sally spamd[30491]: spamd: result: . 0 - HTML_MESSAGE,SPF_HELO_PASS,SPF_PASS scantime=11.5,size=3829,user=sa-milt,uid=117,required_score=5.0,rhost=sally.thompson,raddr=127.0.0.1,rport=55496,mid=<!&!AAAAAAAAAAAYAAAAAAAAAOY8J/3rqT5EmjIViIpUaYHCgAAAEAAAAF3YkUWbGGpNoi6KPyT3/bgBAAAAAA==.uk>,autolearn=failed Jun 18 11:09:21 sally sendmail[7327]: l5IA98pq007327: Milter add: header: X-Spam-Status: No, score=-0.0 required=5.0 tests=HTML_MESSAGE,SPF_HELO_PASS,\n\tSPF_PASS autolearn=failed version=3.2.1 Jun 18 11:09:21 sally sendmail[7327]: l5IA98pq007327: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on sally.thompson Jun 18 11:09:22 sally spamd[30488]: prefork: child states: II Here are the 3 relevant SELinux reports from setroubleshoot browser: avc: denied { create } for comm="spamd" egid=120 euid=117 exe="/usr/bin/perl" exit=-13 fsgid=120 fsuid=117 gid=0 items=0 name=".spamassassin" pid=30491 scontext=system_u:system_r:spamd_t:s0 sgid=0 subj=system_u:system_r:spamd_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:var_run_t:s0 tty=(none) uid=0 avc: denied { write } for comm="pyzor" dev=dm-0 egid=120 euid=117 exe="/usr/bin/python" exit=-13 fsgid=120 fsuid=117 gid=0 items=0 name="spamass- milter" pid=7330 scontext=system_u:system_r:pyzor_t:s0 sgid=120 subj=system_u:system_r:pyzor_t:s0 suid=117 tclass=dir tcontext=system_u:object_r:var_run_t:s0 tty=(none) uid=117 avc: denied { create } for comm="spamd" egid=120 euid=117 exe="/usr/bin/perl" exit=-13 fsgid=120 fsuid=117 gid=0 items=0 name=".razor" pid=30491 scontext=system_u:system_r:spamd_t:s0 sgid=0 subj=system_u:system_r:spamd_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:var_run_t:s0 tty=(none) uid=0 Expected results: Additional info: Executing chcon -R -t spamd_var_run_t /var/run/spam* seems to fix the pyzor error, but the other two remain
Fixed in selinux-policy-2.6.4-17
Closing as fixes are in the current release