Re: Spamassassin vs. SELinux trouble

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 12 Dec 2017 13:37:30 +0100
Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:

> Hi,
> 
> Spamassassin has been working nicely on my main server running CentOS
> 7 and Postfix. SELinux is activated (Enforcing).
> 
> Since the most recent update (don't know if it's related to it though)
> I'm getting the following SELinux error.
> 
> --8<-----------------------------------------------------------------
> SELinux is preventing /usr/bin/perl from 'read, write' accesses on the
> file /var/log/spamassassin/.spamassassin/bayes_toks.
...
> Additional Information:
> Source Context                system_u:system_r:spamd_t:s0
> Target Context                system_u:object_r:var_log_t:s0

This seems like it should have been denied. You probably don't want
system_r:spamd_t to write to var_log_t.

I don't have access to a c7 with spamassasin right now but would guess
that /var/log/spamassassin/.spamassassin/bayes_toks should have been a
different context (something like spam_log_t).

You can use "ls -Z" on /var/log/spamassassin to find out what context
the top level dir has. Then use restorcon (if the policy has the
correct data but the real world file/dir is wrong). chcon can be used
to test a change but for a permanent fix you'll have to add it to the
policy (file context listing).

/Peter K
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux