The following was filed automatically by setroubleshoot: Résumé: SELinux is preventing the /usr/bin/gpg from using potentially mislabeled files (.spamassassin12190tHoh5stmp). Description détaillée: SELinux has denied gpg access to potentially mislabeled file(s) (.spamassassin12190tHoh5stmp). This means that SELinux will not allow gpg to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Autoriser l'accès: If you want gpg to access this files, you need to relabel them using restorecon -v '.spamassassin12190tHoh5stmp'. You might want to relabel the entire directory using restorecon -R -v ''. Informations complémentaires: Contexte source system_u:system_r:gpg_t:s0-s0:c0.c1023 Contexte cible system_u:object_r:system_cronjob_tmp_t:s0 Objets du contexte .spamassassin12190tHoh5stmp [ file ] source gpg Chemin de la source /usr/bin/gpg Port <Inconnu> Hôte (removed) Paquetages RPM source gnupg-1.4.10-1.fc12 Paquetages RPM cible Politique RPM selinux-policy-3.6.31-4.fc12 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin home_tmp_bad_labels Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31-14.fc12.x86_64 #1 SMP Tue Sep 15 03:48:57 EDT 2009 x86_64 x86_64 Compteur d'alertes 1 Première alerte mer. 16 sept. 2009 04:46:03 CEST Dernière alerte mer. 16 sept. 2009 04:46:03 CEST ID local 98f9c551-3673-41d8-a624-e66229119476 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1253069163.35:244): avc: denied { read } for pid=12191 comm="gpg" name=".spamassassin12190tHoh5stmp" dev=dm-3 ino=102831 scontext=system_u:system_r:gpg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_cronjob_tmp_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1253069163.35:244): arch=c000003e syscall=2 success=no exit=-13 a0=7fffbf25df45 a1=0 a2=1b6 a3=0 items=0 ppid=12190 pid=12191 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= gpg_t ============== allow gpg_t system_cronjob_tmp_t:file read;
spamassassion comes with a cron that update its rules over the network, checking their gpg signature as a safety channel: lint check of update failed, channel failed error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed
Fixed in selinux-policy-3.6.31-6.fc12.noarch