On Fri, Jun 16, 2006 at 07:14:56AM -0400, Daniel J Walsh wrote:
> QingLong wrote:
>> Would you be so kind as to give me a hint why postfix's pipe command
>> tries to execute a custom script with execute_no_trans? Details follow.
[...]
> Run the AVC's through audit2why?
>

Yes, I have tried it:

|
| type=AVC msg=audit(1150288478.697:6253): avc: denied { execute_no_trans } for pid=20218 comm="pipe" name="PostFix.mail.SpamAssassin.spamfilter.sh" dev=md9 ino=56842 scontext=system_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:ql_spamassassin_client_exec_t:s0 tclass=file
| Was caused by:
| Missing or disabled TE allow rule.
| Allow rules may exist but be disabled by boolean settings; check boolean settings.
|

The only booleans that may have something to do with the problem are
    setrans_disable_trans
    postfix_disable_trans
and both of them have zero value. Did I miss some boolean?

|
| You can see the necessary allow rules by running audit2allow with this audit message as input.
|
| You might be missing a role command.
|

I thought that role wasn't the problem matter here.
Nevertheless, I have added the role explicitly to .te file:

|
| role system_r types ql_spamassassin_client_t;
|

Compiled the module, inserted it into the kernel, and that changed nothing.
The problem is still there. :(

QingLong.
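
An added example, not part of the original message and not code from any SELinux tool: a small Python parser that splits the AVC record quoted above into its fields and renders the type-enforcement rule the denial corresponds to. The function names are hypothetical; the record itself is copied from the post.

```python
import re

# AVC record copied verbatim from the message above.
AVC = ('type=AVC msg=audit(1150288478.697:6253): avc: denied { execute_no_trans } '
       'for pid=20218 comm="pipe" name="PostFix.mail.SpamAssassin.spamfilter.sh" '
       'dev=md9 ino=56842 scontext=system_u:system_r:postfix_pipe_t:s0 '
       'tcontext=system_u:object_r:ql_spamassassin_client_exec_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split one AVC audit record into a dict of its fields."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['result'] = m.group('result')
    fields['perms'] = m.group('perms').split()
    return fields


def context_type(context):
    """Return the type from user:role:type[:level]; the level may contain ':'."""
    parts = context.split(':', 3)
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def ran_without_transition(rec):
    """execute_no_trans is checked when a file is executed in the caller's own domain."""
    return rec['tclass'] == 'file' and 'execute_no_trans' in rec['perms']


def te_rule(rec):
    """Render the denied access as a TE allow rule (source type, target type, class, perms)."""
    perms = rec['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (context_type(rec['scontext']),
                                   context_type(rec['tcontext']),
                                   rec['tclass'], perm_str)


if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(rec['comm'], '->', rec['name'], '| no transition:', ran_without_transition(rec))
    print(te_rule(rec))
```

The rendered rule only restates what was denied; whether to grant it or to have the script run in its own domain instead is a policy decision the record does not settle.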