https://bugzilla.redhat.com/show_bug.cgi?id=1473017 Bug ID: 1473017 Summary: amavisd-new-2.11.0-1 has issue with DCC, can't write to /etc/dcc Product: Fedora EPEL Version: epel7 Component: amavisd-new Severity: low Assignee: j.orti.alcaine@xxxxxxxxx Reporter: pb@xxxxxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: janfrode@xxxxxxxxx, j.orti.alcaine@xxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, steve@xxxxxxxxx, vanmeeuwen+fedora@xxxxxxxxxxxx Description of problem: since upgrading EL7 system strange DCC messages are occuring. Version-Release number of selected component (if applicable): amavisd-new-2.11.0-1 How reproducible: always Steps to Reproduce: 1. have amavisd+spamassassin+DCC installed Actual results: Jul 19 22:29:57 *** dccproc[29496]: open(/etc/dcc/map): Permission denied Jul 19 22:29:57 *** dccproc[29496]: lock_open(/etc/dcc/whiteclnt.dccx): Permission denied; file not writeable for locking Expected results: Working as before the update Additional info: related systemd unit file changed, 2.11.0-1 added: ProtectSystem=full This prevents dccproc from writing to /etc/dcc "Workaround": reduce restriction to ProtectSystem=true Looks like systemd.exec is missing a feature, because ReadWritePaths=-/etc/dcc is not supported on ProtectSystem=full, only on ProtectSystem=strict (which is even more hard...) Imho "full" should already honor ReadWritePaths -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
