Recently turned SELinux back on my mailserver running postfix and spamassassin, and am getting the following AVC message (looks like selinux doesn't allow for connections to the Razor spam DB):

SELinux is preventing spamassassin (procmail_t) "name_connect" to <Unknown> (razor_port_t).

...here's the alert:

Summary:

SELinux is preventing spamassassin (procmail_t) "name_connect" to <Unknown> (razor_port_t).

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]

SELinux denied access requested by spamassassin. It is not expected that this access is required by spamassassin and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:procmail_t
Target Context                system_u:object_r:razor_port_t
Target Objects                None [ tcp_socket ]
Source                        spamassassin
Source Path                   /usr/bin/perl
Port                          2703
Host                          salusa.poochiereds.net
Source RPM Packages           perl-5.8.8-39.fc8
Target RPM Packages
Policy RPM                    selinux-policy-3.0.8-98.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     salusa.poochiereds.net
Platform                      Linux salusa.poochiereds.net 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 11:18:09 EDT 2008 x86_64 x86_64
Alert Count                   10
First Seen                    Fri 02 May 2008 10:32:33 AM EDT
Last Seen                     Fri 02 May 2008 02:27:06 PM EDT
Local ID                      2f1991ab-918d-49ec-bf3f-1efe4bcad410
Line Numbers

Raw Audit Messages

host=salusa.poochiereds.net type=AVC msg=audit(1209752826.320:322): avc: denied { name_connect } for pid=7427 comm="spamassassin" dest=2703 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:razor_port_t:s0 tclass=tcp_socket

host=salusa.poochiereds.net type=SYSCALL msg=audit(1209752826.320:322): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=16cf450 a2=10 a3=0 items=0 ppid=7426 pid=7427 auid=4294967295 uid=1002 gid=1002 euid=1002 suid=1002 fsuid=1002 egid=1002 sgid=1002 fsgid=1002 tty=(none) comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:procmail_t:s0 key=(null)

The easiest thing for you to do is execute

# grep procmail /var/log/audit/audit.log | audit2allow -M myprocmail
# semodule -i myprocmail.pp

In Fedora 9 there is a transition from procmail to spamassassin_t, but this might be a little dangerous for Fedora 8. So I am going to close this and mark it as fixed in the next release.
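
Added example (not part of the original report, and not audit2allow's own code): a small parser that turns AVC records into the allow rules a local module built from them would grant, so the rules can be reviewed before running semodule -i. The first log record is the one from this report; the second is constructed, to show that grepping for "procmail" collects every procmail_t denial in the log, not only the Razor connection.

```python
import re
from collections import defaultdict

# Sample input: record 1 is the AVC line from the report above (host= prefix dropped);
# record 2 is constructed for illustration; record 3 is a shortened SYSCALL record.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1209752826.320:322): avc: denied { name_connect } for pid=7427 comm="spamassassin" dest=2703 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:razor_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1209752900.100:330): avc: denied { read write } for pid=7500 comm="procmail" name="example.db" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1209752826.320:322): arch=c000003e syscall=42 success=no exit=-115 comm="spamassassin" exe="/usr/bin/perl" subj=system_u:system_r:procmail_t:s0 key=(null)
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field (third colon-separated part) of a security context."""
    return context.split(":")[2]

def collect_denials(log_text, source_type=None):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other non-AVC records carry no denial
        src = selinux_type(m["scon"])
        if source_type and src != source_type:
            continue
        key = (src, selinux_type(m["tcon"]), m["tclass"])
        denials[key].update(m["perms"].split())
    return denials

def allow_rules(denials):
    """Render each denial group as a type-enforcement allow rule."""
    rules = []
    for (src, tgt, tclass), perms in sorted(denials.items()):
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        target = "self" if tgt == src else tgt
        rules.append(f"allow {src} {target}:{tclass} {body};")
    return rules

if __name__ == "__main__":
    for rule in allow_rules(collect_denials(SAMPLE_AUDIT_LOG, "procmail_t")):
        print(rule)
```

audit2allow -M also writes its generated rules to myprocmail.te next to the .pp file, which can be read the same way before the module is installed.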