Bug 879007 - SELinux errors with temporary files
Summary: SELinux errors with temporary files
Keywords:
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: dspam
Version: el6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nathanael Noblet
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1060653
TreeView+ depends on / blocked
 
Reported: 2012-11-21 19:27 UTC by Matěj Cepl
Modified: 2019-04-30 21:39 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1060653 (view as bug list)
Environment:
Last Closed:


Attachments (Terms of Use)
output of ausearch -m AVC -ts today (13.85 KB, text/plain)
2012-11-21 19:27 UTC, Matěj Cepl
no flags Details

Description Matěj Cepl 2012-11-21 19:27:30 UTC
Created attachment 649380 [details]
output of ausearch -m AVC -ts today

Description of problem:
#============= httpd_suexec_t ==============
allow httpd_suexec_t httpd_tmp_t:file { read write };

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t devlog_t:sock_file write;
allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto;

see attached output of

ausearch -m AVC -ts today

Version-Release number of selected component (if applicable):
dspam-3.10.2-2.el6.i686
selinux-policy-targeted-3.7.19-181.el6.noarch

Comment 1 Miroslav Grepl 2015-04-03 08:48:26 UTC
Did it work with

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t devlog_t:sock_file write;
allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto;

or did you also need to have

#============= httpd_suexec_t ==============
allow httpd_suexec_t httpd_tmp_t:file { read write };

Comment 2 Matěj Cepl 2015-04-05 18:31:32 UTC
I am sorry, I have given up on dspam a long time ago (it is just too bloody complicated comparing to the plain bogofilter). You can close this as INSUFFICIENT_DATA.


Note You need to log in before you can comment on or make changes to this bug.