On Wed, 2006-08-16 at 21:38 -0700, Charles A. Crayne wrote: > With a fully updated FC5 targeted policy, in permissive mode, while sorting > incoming mail, procmail invokes spamassassin, which wants read and getattr > permission for file /etc/shadow. I used audit2allow to create an allow > rule for these cases, but the resulting local.pp module will not load, > because it triggers an assert rule. > > What is the recommended resolution to this issue? Odds are good that it doesn't truly need those permissions, so use a dontaudit rule instead of an allow rule, and see if it works then in enforcing mode. The dontaudit rule will just suppress the audit message without allowing it to happen. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
