Paul Howarth wrote:
Daniel J Walsh wrote:
Volker Englisch wrote:
I have a lot of avc messages in my log file indicating a problem
with spamassassin/mqueue.
I am running FC6 with a standard installation and don't know why
there is a problem with the directory /var/spool/mqueue.
$ ls -Zd mqueue
drwx------ root mail system_u:object_r:mqueue_spool_t mqueue/
Do I need to change the context for this directory?
Below are some of the messages from my log file:
Nov 8 23:02:32 kepler kernel: audit(1163044952.697:127322): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Nov 8 23:02:33 kepler kernel: audit(1163044953.317:127323): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Nov 8 23:02:33 kepler kernel: audit(1163044953.317:127324): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Nov 8 23:02:33 kepler kernel: audit(1163044953.317:127325): avc:
denied { search } for pid=14530 comm="spamassassin" name="mqueue"
dev=sda8 ino=326413 scontext=user_u:system_r:procmail_t:s0
tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
Does procmail need to read this directory?
Does procmail need to be able to write this directory?
Isn't this a consequence of procmail being the local delivery agent
for sendmail by default?
Paul.
I am no procmail expert. :^) But I just modified this to a dontaudit
in the policy. Since we were already dontauditing the read of this file.
Seems that the people who wrote the policy believes procmail does not
need to read these files.
Dan
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
