On Tue, 12 Dec 2017 13:37:30 +0100
Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:
> Hi,
>
> Spamassassin has been working nicely on my main server running CentOS
> 7 and Postfix. SELinux is activated (Enforcing).
>
> Since the most recent update (don't know if it's related to it though)
> I'm getting the following SELinux error.
>
> --8<-----------------------------------------------------------------
> SELinux is preventing /usr/bin/perl from 'read, write' accesses on the
> file /var/log/spamassassin/.spamassassin/bayes_toks.
...
> Additional Information:
> Source Context system_u:system_r:spamd_t:s0
> Target Context system_u:object_r:var_log_t:s0
This seems like it should have been denied. You probably don't want
system_r:spamd_t to write to var_log_t.
I don't have access to a c7 with spamassasin right now but would guess
that /var/log/spamassassin/.spamassassin/bayes_toks should have been a
different context (something like spam_log_t).
You can use "ls -Z" on /var/log/spamassassin to find out what context
the top level dir has. Then use restorcon (if the policy has the
correct data but the real world file/dir is wrong). chcon can be used
to test a change but for a permanent fix you'll have to add it to the
policy (file context listing).
/Peter K
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
