Hide Forgot
After upgrading my gateway mail server from RHEL 6.3 to RHEL 6.4 SELinux is showing the following: type=AVC msg=audit(1366639171.849:29610): avc: denied { execute } for pid=25790 comm="amavisd" name="bash" dev=dm-0 ino=38 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=SYSCALL msg=audit(1366639171.849:29610): arch=c000003e syscall=59 success=yes exit=0 a0=6310e10 a1=4f036a0 a2=6128570 a3=8 items=0 ppid=25745 pid=25790 auid=0 uid=495 gid=491 euid=495 suid=495 fsuid=495 egid=491 sgid=491 fsgid=491 tty=(none) ses=652 comm="7za" exe="/bin/bash" subj=system_u:system_r:amavis_t:s0 key=(null) It would seem it's not letting amavis to execute 7za. The weird thing is that it was working fine in RHEL 6.3. I'm going to create a local policy module to allow the access but I'd like to know your point of view regarding this AVC. Thanks a lot.
We have this allowed in F19. Might be an updated version of amavisd. Miroslave we probably shold back port the other fixes in the te file.
Yep, you are right, EPEL updated Amavis from 2.6.4 to 2.8.0 and I applied those too after upgrading RHEL to 6.4.
Yes, basically I want to back port # seinfo -xtamavis_t TypeName antivirus_t Aliases amavis_t clamd_t freshclam_t clamscan_t
I merged amavis_t clamd_t freshclam_t clamscan_t to antivirus_t.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1598.html