Description of problem: Each incoming message filtered with spamassassin generates several AVC denials when razor tries to access files in $HOME/.razor directory. SEtroubleshoot suggests turning on "spamd_enable_home_dirs" but it's already enabled and has no effect. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.0.8-52.fc8 How reproducible: always Steps to Reproduce: 1. install spamassassin and perl-Razor-Agent 2. filter incoming mail with spamc/spamd Actual results: A bunch of AVC denials for each incoming mail, e.g.: avc: denied { getattr } for comm=spamd dev=dm-1 path=/home/mk/.razor/identity pid=2374 scontext=system_u:system_r:spamd_t:s0 tclass=lnk_file tcontext=system_u:object_r:user_razor_home_t:s0 avc: denied { getattr } for comm=spamd dev=dm-1 path=/home/mk/.razor/razor-agent.conf pid=2374 scontext=system_u:system_r:spamd_t:s0 tclass=file tcontext=system_u:object_r:user_razor_home_t:s0 Expected results: Razor should be allowed to access its per-user working files. Additional info: System configuration: http://smolt.fedoraproject.org/show?UUID=f0f66cb8-0587-4345-b507-f51325db74a6
Created attachment 258561 [details] The latest audit log messages generated by this bug
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.0.8-58.fc8
Created attachment 267551 [details] AVC denials from audit.log with 3.0.8-58.fc8 Installing selinux-policy-3.0.8-58.fc8 from updates-testing fixes most denials, but not all of them.
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen.