On 07/11/2009 08:06 AM, Vadym Chepkov wrote:
> spamassassin rules got updated recently and I got this avc
>
> type=AVC msg=audit(1247216252.200:31900): avc: denied { execute } for pid=24001 comm="spamd" path="/var/lib/spamassassin/compiled/5.010/3.002005/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so" dev=dm-3 ino=124989 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_lib_t:s0 tclass=file
>
> audit2allow suggests this
> #============= spamd_t ==============
> allow spamd_t spamd_var_lib_t:file execute;
> seems reasonable, but why is it missing in standard policy?
>
> Sincerely yours,
> Vadym Chepkov
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Vadym, What puts the files in this directory? Are they all shared libraries?
One solution would be to label this directory
# semanage fcontext -a -t lib_t '/var/lib/spamassassin/compiled(/.*)?'
# restorecon -R -v /var/lib/spamassassin
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
