448221 – procmail can't run spamc

Bug 448221 - procmail can't run spamc

Summary: procmail can't run spamc

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-05-24 16:50 UTC by Kostas Georgiou
Modified:	2008-11-17 22:04 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-11-17 22:04:06 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Kostas Georgiou 2008-05-24 16:50:35 UTC

procmail calls to spamc fail with the following AVC:

type=SELINUX_ERR msg=audit(1211644389.204:16280): security_compute_sid:  invalid
context system_u:system_r:spamc_t:s0 for
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=process

domg472 at #fedora-selinux suggested the following policy which fixes the denials.

policy_module(myspamc,1.0.0)
require{ type spamc_t; }
role system_r types spamc_t;

Audit2allow was suggesting role system_r types spamc_exec_t; which didn't work.

Comment 1 Daniel Walsh 2008-05-27 14:27:45 UTC

Fixed in selinux-policy-3.3.1-55.fc9

I will put a fix in for audit2allow.

Comment 2 Daniel Walsh 2008-11-17 22:04:06 UTC

Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.