Bug 616182 - I use spamassassin with settings stored in a postgresql db and I get the following selinux warning
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 13
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
Depends On:
Reported: 2010-07-19 19:37 UTC by Gabriel Ramirez
Modified: 2010-07-23 02:27 UTC

Clone Of:
Last Closed: 2010-07-23 02:27:13 UTC


Description Gabriel Ramirez 2010-07-19 19:37:48 UTC
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Gabriel Ramirez 2010-07-19 19:53:19 UTC
I use spamassassin-3.3.1-2.fc13.x86_64 and it stores settings in a postgresql-8.4.4-1.fc13.x86_64 database by following instructions 


but I get the following security alert (I set the spamd_t domain to permissive):


SELinux is preventing /usr/bin/perl "name_connect" access .

Detailed Description:

[spamd has a permissive type (spamd_t). This access was not denied.]

SELinux denied access requested by spamd. It is not expected that this access is
required by spamd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Additional Information:

Source Context                unconfined_u:system_r:spamd_t:s0
Target Context                system_u:object_r:postgresql_port_t:s0
Target Objects                None [ tcp_socket ]
Source                        spamd
Source Path                   /usr/bin/perl
Port                          5432
Host                          stargate.zn9.acapulco.ag
Source RPM Packages           perl-5.10.1-114.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-33.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost
Platform                      Linuxlocalhost
                     #1 SMP Tue Jul 6 22:32:17
                              UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Mon 19 Jul 2010 02:21:22 PM CDT
Last Seen                     Mon 19 Jul 2010 02:36:05 PM CDT
Local ID                      90f684f8-d152-4903-a35e-9ef26572e142
Line Numbers                  

Raw Audit Messages            

node=localhost type=AVC msg=audit(1279568165.441:25221): avc:  denied  { name_connect } for  pid=18577 comm="spamd" dest=5432 scontext=unconfined_u:system_r:spamd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket

node=localhost type=SYSCALL msg=audit(1279568165.441:25221): arch=c000003e syscall=42 success=yes exit=128 a0=6 a1=375cf90 a2=10 a3=7fffb2a34c70 items=0 ppid=18575 pid=18577 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="spamd" exe="/usr/bin/perl" subj=unconfined_u:system_r:spamd_t:s0 key=(null)

I made a selinux module spamdlocal.pp via audit2allow,
but a selinux boolean with a default of disabled (I will enable it because I need it) would be great
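
Added example, not part of the original report or of any commenter's post: a small Python parser that pairs the AVC and SYSCALL records above by audit event id, reports whether the access was really blocked (here it was not, because spamd_t was permissive), and prints a type-enforcement rule of the kind audit2allow derives from such a denial. The function names are hypothetical; the two log lines are the ones quoted in the report.

```python
import re

# The two raw audit records from the report above (same event id).
AUDIT_LOG = """\
node=localhost type=AVC msg=audit(1279568165.441:25221): avc:  denied  { name_connect } for  pid=18577 comm="spamd" dest=5432 scontext=unconfined_u:system_r:spamd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
node=localhost type=SYSCALL msg=audit(1279568165.441:25221): arch=c000003e syscall=42 success=yes exit=128 a0=6 a1=375cf90 a2=10 a3=7fffb2a34c70 items=0 ppid=18575 pid=18577 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="spamd" exe="/usr/bin/perl" subj=unconfined_u:system_r:spamd_t:s0 key=(null)
"""

EVENT_RE = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
AVC_RE = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \}")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Group records by audit event id and describe each AVC denial."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.setdefault(m.group(2), {})[m.group(1)] = line
    results = []
    for event_id, records in events.items():
        avc = records.get("AVC")
        if avc is None or not AVC_RE.search(avc):
            continue
        perms = AVC_RE.search(avc).group(1).split()
        kv = {k: v.strip('"') for k, v in KV_RE.findall(avc)}
        syscall = dict(KV_RE.findall(records.get("SYSCALL", "")))
        results.append({
            "event": event_id,
            "comm": kv["comm"],
            "dest": kv.get("dest"),
            # "denied" with success=yes means the domain was permissive;
            # None means no SYSCALL record was found for this event.
            "blocked": None if not syscall else syscall.get("success") != "yes",
            "rule": "allow %s %s:%s { %s };" % (
                selinux_type(kv["scontext"]), selinux_type(kv["tcontext"]),
                kv["tclass"], " ".join(perms)),
        })
    return results


if __name__ == "__main__":
    for denial in summarize_denials(AUDIT_LOG):
        print(denial)
```

Reviewing the derived rule before loading a local module shows exactly which domain, port type and permission are being opened up.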



Comment 2 Daniel Walsh 2010-07-19 20:18:17 UTC
We have



In Rawhide policy.

Comment 3 Miroslav Grepl 2010-07-21 07:37:53 UTC
Fixed in selinux-policy-3.7.19-39.fc13.noarch

Comment 4 Fedora Update System 2010-07-21 15:33:56 UTC
selinux-policy-3.7.19-39.fc13 has been submitted as an update for Fedora 13.

Comment 5 Fedora Update System 2010-07-23 02:26:45 UTC
selinux-policy-3.7.19-39.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
