Bug 483849 - Include milter policy from upstream in F-9 and F-10
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 9
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Blocks: 446975 447247 452248 455820
Reported: 2009-02-03 21:52 UTC by Paul Howarth
Modified: 2009-05-20 10:39 UTC (History)

Fixed In Version: 3.3.1-131.fc9
Doc Type: Bug Fix
Last Closed: 2009-05-20 10:39:43 UTC
Type: ---


Attachments
Patch adding milter module to F-9 policy (9.86 KB, patch)
2009-02-03 21:53 UTC, Paul Howarth
Patch adding milter module to F-10 policy (10.32 KB, patch)
2009-02-03 21:53 UTC, Paul Howarth

Description Paul Howarth 2009-02-03 21:52:03 UTC
Basically the problem is that spamass-milter doesn't work properly with SELinux in enforcing mode (see Bug #446975 and Bug #447247; the fix suggested here will also help with Bug #452248).

I have written new policy for spamass-milter and also milter-regex and these are now in upstream reference policy and back downstream in Rawhide already.

I shall attach patches against today's CVS for selinux-policy F-9 and F-10 that add the milter module to policy. I'm particularly keen to get F-10 policy fixed because I can't override some of the context types specified in selinux-policy using a local policy module like I could in F-9 (which would complain about multiple different specifications but still allow it and work).

Dan has been involved in discussions regarding this for some time and was close to merging it earlier - see https://bugzilla.redhat.com/show_bug.cgi?id=452248#c13

I've built and tested the resulting patched packages (hence the odd release tags which I'm sure you'll change) and look forward to getting this into Fedora at long, long, last.

Comment 1 Paul Howarth 2009-02-03 21:53:02 UTC
Created attachment 330785
Patch adding milter module to F-9 policy

Comment 2 Paul Howarth 2009-02-03 21:53:44 UTC
Created attachment 330786
Patch adding milter module to F-10 policy

Comment 3 Daniel Walsh 2009-02-03 22:14:55 UTC
Miroslav, let's take this policy in and update F9 and F10.

Comment 4 Miroslav Grepl 2009-02-05 12:43:31 UTC
Fixed in selinux-policy-3.5.13-44.fc10 and selinux-policy-3.3.1-121.fc9. Today submitted for testing.

Comment 5 Paul Howarth 2009-02-12 14:48:26 UTC
Thanks, this is working for me so far.

However, I don't understand why the milter_read_data and milter_manage_data (which has the wrong summary in the interface file by the way) interfaces were added. Why does spamc_t need to manage milter data?

Comment 6 Miroslav Grepl 2009-02-12 15:20:12 UTC
Paul,

you are right. I will fix it. Thanks for your notice.

Comment 7 Paul Howarth 2009-04-23 14:29:47 UTC
Current state of play:

devel/F-11 : awaiting pull of milter module version 1.0.1 from upstream.

F-10/F-9 : OK except that upstream now uses interface name milter_manage_spamass_state rather than milter_spamass_manage_state.

Nearly there - thanks for the work so far!

Comment 8 Miroslav Grepl 2009-04-23 14:38:37 UTC
I will fix interface name in F9/F10.

Comment 9 Paul Howarth 2009-05-20 10:39:43 UTC
All seems well now, in F-9, F-10, F-11, and devel. Thanks everyone.
