-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bob Richmond wrote: > I'm trying to make spamd listen on a unix domain socket, and let spamc > connect to it. The question is, I can't figure out the intended > destination for the spamd socket file (as specified via --socketpath > passed to spamd and -U to spamc). I see that spamc_t has permission to > connect to a socket with a type of spamd_tmp_t, but there doesn't appear > to be an fc rule for where a new socket file would inherit that type. > > It makes sense to me that the socket file should exist in > /var/run/spamassassin/spamd.sock to be consistent, but > /var/run/spamassassin has a type of spamd_var_run_t, where spamc has no > permission to connect to a sock_file under. Any help? > > I'm running F10, policy version selinux-policy-targeted-3.5.13-18.fc10. > > Thanks! > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list Currently it is only allowed to connect to a sock file in /tmp, Although it should be allowed to use /var/run/spamassassin. I will update policy You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.5.13-29.fc10 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkk1qXQACgkQrlYvE4MpobOpNACeOVVplPU+IG9QALu6UdBLUaMw 0GUAoJ+d23rJPHb5LhSzrPTt/DNEZCnH =HHE9 -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
