Bug 383041 - perl-Razor-Agent is blocked from accessing files under home directories
perl-Razor-Agent is blocked from accessing files under home directories
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
8
x86_64 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-14 13:53 EST by Markku Kolkka
Modified: 2008-01-30 14:06 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:06:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
The latest audit log messages generated by this bug (9.83 KB, text/plain)
2007-11-14 13:53 EST, Markku Kolkka
no flags Details
AVC denials from audit.log with 3.0.8-58.fc8 (2.77 KB, text/plain)
2007-11-23 10:09 EST, Markku Kolkka
no flags Details

  None (edit)
Description Markku Kolkka 2007-11-14 13:53:13 EST
Description of problem:
Each incoming message filtered with spamassassin generates several AVC denials
when razor tries to access files in $HOME/.razor directory. SEtroubleshoot
suggests turning on "spamd_enable_home_dirs" but it's already enabled and has no
effect.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.0.8-52.fc8

How reproducible:
always

Steps to Reproduce:
1. install spamassassin and perl-Razor-Agent
2. filter incoming mail with spamc/spamd
  
Actual results:
A bunch of AVC denials for each incoming mail, e.g.:
avc: denied { getattr } for comm=spamd dev=dm-1 path=/home/mk/.razor/identity
pid=2374 scontext=system_u:system_r:spamd_t:s0 tclass=lnk_file
tcontext=system_u:object_r:user_razor_home_t:s0
avc: denied { getattr } for comm=spamd dev=dm-1
path=/home/mk/.razor/razor-agent.conf pid=2374
scontext=system_u:system_r:spamd_t:s0 tclass=file
tcontext=system_u:object_r:user_razor_home_t:s0 

Expected results:
Razor should be allowed to access its per-user working files.

Additional info:
System configuration:
http://smolt.fedoraproject.org/show?UUID=f0f66cb8-0587-4345-b507-f51325db74a6
Comment 1 Markku Kolkka 2007-11-14 13:53:13 EST
Created attachment 258561 [details]
The latest audit log messages generated by this bug
Comment 2 Daniel Walsh 2007-11-19 10:45:29 EST
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-58.fc8
Comment 3 Markku Kolkka 2007-11-23 10:09:25 EST
Created attachment 267551 [details]
AVC denials from audit.log with 3.0.8-58.fc8

Installing selinux-policy-3.0.8-58.fc8 from updates-testing fixes most denials,
but not all of them.
Comment 4 Daniel Walsh 2008-01-30 14:06:20 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.