Hello All,

I have just upgraded (clean install) from F13 to F15 and installed spamassassin via yum. At the same time I also installed the plugins Pyzor, Razor and iXhash. In Permissive mode something in those triggers a strange AVC:

SELinux is preventing /bin/systemd-tty-ask-password-agent from read access on the fifo_file 136:0.

Here is the detail:

Raw Audit Messages

type=AVC msg=audit(1307797576.537:29628): avc: denied { read } for pid=10471 comm="systemd-tty-ask" name="136:0" dev=tmpfs ino=282609 scontext=unconfined_u:system_r:systemd_passwd_agent_t:s0 tcontext=unconfined_u:object_r:init_var_run_t:s0 tclass=fifo_file

type=AVC msg=audit(1307797576.537:29628): avc: denied { open } for pid=10471 comm="systemd-tty-ask" name="136:0" dev=tmpfs ino=282609 scontext=unconfined_u:system_r:systemd_passwd_agent_t:s0 tcontext=unconfined_u:object_r:init_var_run_t:s0 tclass=fifo_file

type=SYSCALL msg=audit(1307797576.537:29628): arch=i386 syscall=open success=yes exit=ESRCH a0=8ca9080 a1=88900 a2=0 a3=bf8fba54 items=0 ppid=10470 pid=10471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4294967295 comm=systemd-tty-ask exe=/bin/systemd-tty-ask-password-agent subj=unconfined_u:system_r:systemd_passwd_agent_t:s0 key=(null)

Hash: systemd-tty-ask,systemd_passwd_agent_t,init_var_run_t,fifo_file,read

audit2allow

#============= systemd_passwd_agent_t ==============
allow systemd_passwd_agent_t init_var_run_t:fifo_file { read open };

audit2allow -R

#============= systemd_passwd_agent_t ==============
allow systemd_passwd_agent_t init_var_run_t:fifo_file { read open };

The other slightly odd thing is that when I place the system back into Enforcing mode I get no AVCs, but some of the Spamassassin checks (Especially iXhash I think) don't seem to be run, but give no errors.

Anyway, the above AVC looked strange and I didn't want to create a local policy module for it until I had checked with the chaps here...

Thanks in advance for any advice or suggestions...

Mark
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
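
Added example, not part of the original message: a Python script that groups the AVC records quoted in the post into the allow rule that audit2allow printed, and uses the SYSCALL record's success field to tell whether the denial was actually enforced or only logged, as happens in permissive mode. The function names are assumptions of this example; the log lines are copied from the post, with the SYSCALL record shortened.

```python
import re
from collections import defaultdict

# Log lines copied from the post; the SYSCALL record is shortened to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1307797576.537:29628): avc: denied { read } for pid=10471 comm="systemd-tty-ask" name="136:0" dev=tmpfs ino=282609 scontext=unconfined_u:system_r:systemd_passwd_agent_t:s0 tcontext=unconfined_u:object_r:init_var_run_t:s0 tclass=fifo_file
type=AVC msg=audit(1307797576.537:29628): avc: denied { open } for pid=10471 comm="systemd-tty-ask" name="136:0" dev=tmpfs ino=282609 scontext=unconfined_u:system_r:systemd_passwd_agent_t:s0 tcontext=unconfined_u:object_r:init_var_run_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1307797576.537:29628): arch=i386 syscall=open success=yes exit=ESRCH ppid=10470 pid=10471 comm=systemd-tty-ask exe=/bin/systemd-tty-ask-password-agent
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<event>[\d.]+:\d+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}"
    r".*?scontext=(?P<src>\S+) tcontext=(?P<tgt>\S+) tclass=(?P<cls>\S+)")
SYSCALL_RE = re.compile(
    r"type=SYSCALL msg=audit\((?P<event>[\d.]+:\d+)\):.*?\bsuccess=(?P<ok>\w+)")

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(log):
    """Return [(allow_rule, not_enforced)] for each (source, target, class) denied."""
    perms = defaultdict(list)   # rule key -> permissions in the order first seen
    events = defaultdict(set)   # rule key -> audit event ids that carried the denial
    succeeded = {}              # audit event id -> did the syscall succeed anyway?
    for line in log.splitlines():
        avc = AVC_RE.search(line)
        if avc:
            key = (selinux_type(avc["src"]), selinux_type(avc["tgt"]), avc["cls"])
            perms[key] += [p for p in avc["perms"].split() if p not in perms[key]]
            events[key].add(avc["event"])
            continue
        call = SYSCALL_RE.search(line)
        if call:
            succeeded[call["event"]] = call["ok"] == "yes"
    results = []
    for (src, tgt, cls), plist in perms.items():
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(plist)} }};"
        # A denial whose syscall still succeeded was logged but not enforced.
        not_enforced = any(succeeded.get(e, False) for e in events[(src, tgt, cls)])
        results.append((rule, not_enforced))
    return results

if __name__ == "__main__":
    for rule, not_enforced in summarize(SAMPLE):
        print(rule, "(logged only, not enforced)" if not_enforced else "(no successful syscall seen)")
```

The generated rule only restates what was denied; whether it belongs in a local policy module is a separate decision from what the log shows.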