Bug 452571 - SELinux is preventing the spamc from using potentially mislabeled files (/home/davej/Mail/procmail.log).
Summary: SELinux is preventing the spamc from using potentially mislabeled files (/hom...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-23 19:45 UTC by Dave Jones
Modified: 2015-01-04 22:30 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-11-17 22:04:45 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Dave Jones 2008-06-23 19:45:18 UTC 
my procmailrc has this..

LOGFILE=$HOME/Mail/procmail.log

# a spam assassin invocation
:0fw
* < 256000
| /usr/bin/spamc

This causes..

host=gelk type=AVC msg=audit(1214248091.620:1740): avc: denied { append } for
pid=23143 comm="spamc" path="/home/davej/Mail/procmail.log" dev=md0 ino=58917117
scontext=system_u:system_r:spamc_t:s0
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file host=gelk type=SYSCALL
msg=audit(1214248091.620:1740): arch=c000003e syscall=59 success=yes exit=0
a0=16ae310 a1=16b0050 a2=16b0140 a3=8 items=0 ppid=23142 pid=23143
auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500
fsgid=500 tty=(none) ses=4294967295 comm="spamc" exe="/usr/bin/spamc"
subj=system_u:system_r:spamc_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-06-24 09:59:13 UTC 
# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-71.fc9.noarch
Comment 2 Daniel Walsh 2008-11-17 22:04:45 UTC 
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.
Note You need to log in before you can comment on or make changes to this bug.