Daniel J Walsh wrote:
Volker Englisch wrote:
I have a lot of avc messages in my log file indicating a problem with
spamassassin/mqueue.
I am running FC6 with a standard installation and don't know why
there is a problem with the directory /var/spool/mqueue.
$ ls -Zd mqueue
drwx------ root mail system_u:object_r:mqueue_spool_t mqueue/
Do I need to change the context for this directory?
Below are some of the messages from my log file:
Nov 8 23:02:32 kepler kernel: audit(1163044952.697:127322): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Nov 8 23:02:33 kepler kernel: audit(1163044953.317:127323): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Nov 8 23:02:33 kepler kernel: audit(1163044953.317:127324): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Nov 8 23:02:33 kepler kernel: audit(1163044953.317:127325): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Does procmail need to read this directory?
Does procmail need to be able to write this directory?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
In policy there is a dontaudit rule
ifdef(`hide_broken_symptoms',`
mta_dontaudit_rw_queue(procmail_t)
')
But we don't have hide_broken_symptons turned on right now. So I guess
this has been seen before but has been deemed broken behaviour from a
SELinux point of view.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
