On second thought, no. I do not think spamd_t has access to
user_pyzor_home_t.

sesearch --allow -s spamd_t | grep home | less

So I guess your custom module fixes that. Consider filing a bug report
for this issue.

On Mon, 2009-02-02 at 16:52 +0000, Arthur Dent wrote:
> On Mon, Feb 02, 2009 at 05:34:47PM +0100, Dominick Grift wrote:
> > I think, but not sure, that your home space is mislabeled (especially
> > pyzor_home_t). If my memory serves me correctly then labeling for that
> > location has recently changed. It seems that setroubleshoot hasn't been
> > updated to reflect this change yet.
> >
> > to fix, restorecon -R -v /home, might fix this issue.
> >
> > hth
>
> Thanks for that suggestion. I tried it, and there were indeed some files
> that got relabelled - but not the pyzor ones. Do you think that the ones
> that did are significant in this issue? (Output listed below).
>
> I have already created a local policy using audit2allow and this
> produced the following:
>
> require {
>         type user_pyzor_home_t;
>         type spamd_t;
>         class file { read getattr };
> }
>
> #============= spamd_t ==============
> allow spamd_t user_pyzor_home_t:file { read getattr };
>
>
> Do you think I still need this local policy?
>
> Thanks for your help...
>
> Mark
>
> Output of the relabelling (apologies for the line-wrap)...
>
> restorecon -R -v /home
> restorecon reset
> /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecrm1200.600pk
> context
> unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
> restorecon reset
> /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ectt1000.600pk
> context
> unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
> restorecon reset
> /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecbx1200.600pk
> context
> unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
> restorecon reset
> /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecrm1000.600pk
> context
> unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
> restorecon reset /home/mark/.spamassassin context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset /home/mark/.spamassassin/bayes_toks.expire2474 context
> system_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset /home/mark/.spamassassin/bayes_journal context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset
> /home/mark/.spamassassin/bayes.lock.troodos.org.uk.20547 context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset /home/mark/.spamassassin/user_prefs context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset
> /home/mark/.spamassassin/bayes.lock.troodos.org.uk.23935 context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset /home/mark/.spamassassin/bayes_seen context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset /home/mark/.spamassassin/bayes_toks context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset /home/mark/.Xauthority context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_xauth_home_t:s0
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
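
The question raised in the thread, whether a `restorecon -R -v` run touched any files of a given type, can be answered mechanically. The following is an added example, not part of the original messages: it summarises `restorecon -v` output by old and new SELinux type and tolerates the mail quoting and line-wrap seen above. The function names, the `/home/alice` paths and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Summarise `restorecon -v` output: count relabels per "old_type -> new_type".
# Splitting on whitespace also rejoins output that a mail client wrapped or
# prefixed with "> ". Assumption: paths contain no whitespace.
summarize_relabels() {
    tr -s ' \t\n' '\n\n\n' | awk '
        $0 == ">"                   { next }            # mail quote marker
        $0 == "context"             { want = 1; next }  # next token is old->new
        want && index($0, "->") > 0 {
            split($0, side, "->")                       # old context, new context
            split(side[1], o, ":"); split(side[2], n, ":")
            count[o[3] " -> " n[3]]++                   # field 3 is the type
            want = 0
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2
}

# Succeeds (exit 0) if any relabel had the given type on either side.
relabel_touches() {
    summarize_relabels |
        awk -v t="$1" '$2 == t || $4 == t { hit = 1 } END { exit !hit }'
}

# Constructed sample in the shape of the output quoted in the thread,
# with quoted/wrapped records and one unwrapped record.
sample_output() {
    cat <<'EOF'
> restorecon reset
> /home/alice/.spamassassin/user_prefs context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
> restorecon reset /home/alice/.spamassassin/bayes_seen context
> unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset /home/alice/.Xauthority context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_xauth_home_t:s0
EOF
}

sample_output | summarize_relabels
if sample_output | relabel_touches user_pyzor_home_t; then
    echo "pyzor files were relabelled"
else
    echo "no pyzor files were relabelled"
fi
```

On a live system, pipe the real output instead: `restorecon -R -v /home | relabel_touches user_pyzor_home_t`.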