On Tue, 2007-06-26 at 23:25 -0500, mothra wrote:
> I'm rather green, and have had some trouble deciphering a lot of the
> SELinux stuff. Any help would be great. I'm using procmail to filter
> mail through spamassassin (SA), but SELinux appears to be interfering. I
> say this because if I turn off enforcing, mail gets through properly
> tagged by SA. With SELinux on, messages are not tagged by SA. The log
> looks like this:
>
> Jun 26 23:07:51 parsnip kernel: audit(1182917271.036:1779): enforcing=1
> old_enforcing=0 auid=4294967295
> Jun 26 23:07:51 parsnip dbus: avc: received setenforce notice (enforcing=1)
> Jun 26 23:08:04 parsnip kernel: audit(1182917284.795:1780): avc: denied
> { search } for pid=28116 comm="spamassassin" name="tmp" dev=sda3
> ino=26738689 scontext=user_u:system_r:procmail_t:s0
> tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>
> My (rather ignorant) read is that procmail_t and tmp_t are not matching
> (procmail does try to write a lockfile). And what I have gleaned is that
> I either need some sort of rule that somehow matches these two, or I need
> to change some tags (on my /tmp directory?) to allow this to proceed.
>
> Am I anywhere near the ballpark? I tried audit2why to decipher this, but
> it complained that it didn't understand policies outside of the range
> 15-20. Audit2allow returns
>
> allow procmail_t tmp_t:di search;
>
> But I'm not sure what to do with it...
>
> Thanks in advance for any help!
What is your procmail recipe for spamassassin?
I've had more success using "/usr/bin/spamc" rather than
"/usr/bin/spamassassin" in the past.
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
