I'm gradually upgrading to Fedora 10 using yum, so I suspect this
problem might be that some package is not yet upgraded. But I can't
understand what it could be.
I'm running spamassassin using the lines
DROPPRIVS=yes
INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc
in /etc/procmailrc. After upgrading to Fedora 10 policy and
spamassassin I get these AVC:s
time->Sun Dec 7 20:01:46 2008
type=SYSCALL msg=audit(1228676506.702:50): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=1358850 a2=10 a3=8 items=0 ppid=3558 pid=3559 auid=4294967295 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=4294967295 comm="spamc" exe="/usr/bin/spamc" subj=system_u:system_r:spamc_t:s0 key=(null)
type=AVC msg=audit(1228676506.702:50): avc: denied { name_connect } for pid=3559 comm="spamc" dest=783 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket
I.e., spamc isn't allowed to connect to spamd's TCP socket.
Looking in the spamassassin.te source I see that spamc_t is allowed to
connect to spamd_t:unix_stream_socket but I can't see anything that
would allow it to connect to a tcp_socket of any type.
Looking at the spamassassin code, I spamd would create and spamc use a
unix-domain socket if given explicit path to it, but in the default
configuration I can't see anything that would add those flags.
I've enabled spamassassin_can_network as a temporary workaround, but
that shouldn't be necessary just to use spamc, should it?
What am I missing here?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
