On Fri, Jun 16, 2006 at 07:14:56AM -0400, Daniel J Walsh wrote:
> QingLong wrote:
>> Would you be so kind as to give me a hint why postfix's pipe command
>> tries to execute a custom script with execute_no_trans? Details follow.
[...]
> Run the AVC's through audit2why?
>
Yes, I have tried it:
|
| type=AVC msg=audit(1150288478.697:6253): avc: denied { execute_no_trans } for pid=20218 comm="pipe" name="PostFix.mail.SpamAssassin.spamfilter.sh" dev=md9 ino=56842 scontext=system_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:ql_spamassassin_client_exec_t:s0 tclass=file
| Was caused by:
| Missing or disabled TE allow rule.
| Allow rules may exist but be disabled by boolean settings; check boolean settings.
|
The only booleans that may have something to do with the problem are
setrans_disable_trans
postfix_disable_trans
and both of them have zero value. Did I miss some boolean?
|
| You can see the necessary allow rules by running audit2allow with this audit message as input.
|
| You might be missing a role command.
|
I thought that role wasn't the problem matter here.
Nevertheless, I have added the role explicitly to .te file:
|
| role system_r types ql_spamassassin_client_t;
|
Compiled the module, inserted it into the kernel, and that changed nothing.
The problem is still there. :(
QingLong.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
