On Wed, Jul 30, 2008 at 03:33:14PM -0400, Daniel J Walsh wrote:
> But do you have the original avc messages used to generate the policy.
> I want to see if we are missing transitions? What port is it
> communicating with etc.
Apologies for the slow response. RL gets in the way sometimes...
To recap:
My mail chain is as follows:
fetchmail -> procmail
|
-> clamassassin -> spamassassin -> dovecot -> MUA
|
-> clamdscan
|
-> clamd
I had made several home-made policies to allow clamd to work under F8.
Following an upgrade to F9 I get a whole load more avc denials and have
had to add a bunch of policies to get it to work.
With SEL in enforcing mode (I know I should have set it to permissive
until I had sorted this out but I though each problem would be the
last..) the recent denials fell into 3 types:
sending denials
receiving denial
write to pipe denials
I got several hundred sending denials until I wrote a policy with
audit2allow then I got sever hundred receiving denials until I fixed
that and finally a ton of write-to pipe. If you look at the collection
of raw audit messages (just a sample) that I posted here
http://pastebin.com/m7b60d46a
you will see that almost every part of the mail chain seems to be
affected.
Finding the original avc messages from my F8 install would be hard work,
but I have included 3 (one of each type) from the F9 upgrade. You can
see them here:
http://pastebin.com/m1fc5a466
If you want others (as referred to in the raw avcs) just let me know.
So, clamd settings can be seen here (entire clamd.conf file) :
http://pastebin.com/m72927397
A selection of raw avc messages can be seen here:
http://pastebin.com/m7b60d46a
And 3 of the entire avc messages here:
http://pastebin.com/m1fc5a466
I really do thank you for your help...
AD
Attachment:
pgp5wx7A6zVRU.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
