On 07/13/2009 11:19 AM, Vadym Chepkov wrote:
> sa-compile script puts them there, it runs manually from the cron.
> sa-compile call is not part of the standard Fedora package and as I said earlier, this context already exists in the standard policy, furthermore, Dan, you added it by my request :) But even though it exists, it is being ignored when the library is created, I am not really sure how sa-compile script does it, but 'restorecon -R' afterward seems like an appropriate workaround.
>
> Sincerely yours,
> Vadym Chepkov
>
>
> --- On Mon, 7/13/09, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>
>> From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
>> Subject: Re: spamassassin pre-compiled rules
>> To: "Vadym Chepkov" <chepkov@xxxxxxxxx>
>> Cc: "Fedora SELinux" <fedora-selinux-list@xxxxxxxxxx>
>> Date: Monday, July 13, 2009, 11:06 AM
>> On 07/11/2009 08:06 AM, Vadym Chepkov wrote:
>>> spamassassin rules got updated recently and I got this avc
>>>
>>> type=AVC msg=audit(1247216252.200:31900): avc: denied { execute } for pid=24001 comm="spamd" path="/var/lib/spamassassin/compiled/5.010/3.002005/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so" dev=dm-3 ino=124989 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_lib_t:s0 tclass=file
>>>
>>> audit2allow suggests this
>>>
>>> #============= spamd_t ==============
>>> allow spamd_t spamd_var_lib_t:file execute;
>>>
>>> seems reasonable, but why is it missing in standard policy?
>>>
>>> Sincerely yours,
>>> Vadym Chepkov
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>> Vadym, What puts the files in this directory? Are they all shared libraries?
>>
>> One solution would be to label this directory
>>
>> # semanage fcontext -a -t lib_t '/var/lib/spamassassin/compiled(/.*)?'
>> # restorecon -R -v /var/lib/spamassassin
>>

Vadym, can you create a patch for them to add a restorecon after they create the libraries.
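
Added example, not part of the original thread: a small parser for the AVC record quoted above. It rebuilds the allow rule that audit2allow printed and checks whether the denied file carries the lib_t type from the semanage rule (a mismatch means restorecon has not been run on the compiled rules). The function names parse_avc, selinux_type, allow_rule and label_mismatch are hypothetical helpers written for this illustration.

```python
import re
import shlex

# AVC record copied from the thread above, with the quote wrapping removed.
SAMPLE_AVC = (
    'type=AVC msg=audit(1247216252.200:31900): avc: denied { execute } for pid=24001 '
    'comm="spamd" path="/var/lib/spamassassin/compiled/5.010/3.002005/auto/Mail/'
    'SpamAssassin/CompiledRegexps/body_0/body_0.so" dev=dm-3 ino=124989 '
    'scontext=system_u:system_r:spamd_t:s0 '
    'tcontext=system_u:object_r:spamd_var_lib_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')


def parse_avc(line):
    """Split one AVC record into result, permissions and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {}
    for token in shlex.split(m.group(3)):  # shlex keeps quoted values whole
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return {"result": m.group(1), "perms": m.group(2).split(), "fields": fields}


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed context: %r" % context)
    return parts[2]


def allow_rule(avc):
    """Build the allow rule that corresponds to a denied AVC record."""
    f = avc["fields"]
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (
        selinux_type(f["scontext"]), selinux_type(f["tcontext"]), f["tclass"], perm_text)


def label_mismatch(avc, expected_type="lib_t"):
    """True when the denied target lacks the type the fcontext rule assigns."""
    return selinux_type(avc["fields"]["tcontext"]) != expected_type
```

For the record in the thread, allow_rule(parse_avc(SAMPLE_AVC)) gives the same rule audit2allow suggested, and label_mismatch returns True because body_0.so is still labeled spamd_var_lib_t.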