Bug 879007 - SELinux errors with temporary files
SELinux errors with temporary files
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: dspam (Show other bugs)
el6
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Nathanael Noblet
Fedora Extras Quality Assurance
: SELinux
Depends On:
Blocks: 1060653
  Show dependency treegraph
 
Reported: 2012-11-21 14:27 EST by Matěj Cepl
Modified: 2015-04-05 14:31 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1060653 (view as bug list)
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
output of ausearch -m AVC -ts today (13.85 KB, text/plain)
2012-11-21 14:27 EST, Matěj Cepl
no flags Details

  None (edit)
Description Matěj Cepl 2012-11-21 14:27:30 EST
Created attachment 649380 [details]
output of ausearch -m AVC -ts today

Description of problem:
#============= httpd_suexec_t ==============
allow httpd_suexec_t httpd_tmp_t:file { read write };

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t devlog_t:sock_file write;
allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto;

see attached output of

ausearch -m AVC -ts today

Version-Release number of selected component (if applicable):
dspam-3.10.2-2.el6.i686
selinux-policy-targeted-3.7.19-181.el6.noarch
Comment 1 Miroslav Grepl 2015-04-03 04:48:26 EDT
Did it work with

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t devlog_t:sock_file write;
allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto;

or did you also need to have

#============= httpd_suexec_t ==============
allow httpd_suexec_t httpd_tmp_t:file { read write };
Comment 2 Matěj Cepl 2015-04-05 14:31:32 EDT
I am sorry, I have given up on dspam a long time ago (it is just too bloody complicated comparing to the plain bogofilter). You can close this as INSUFFICIENT_DATA.

Note You need to log in before you can comment on or make changes to this bug.