Added allow rules to git.
37b6084d375830211faf6494a0029b2511d6bc55
I would just allow this and see if it fixes your problem.
On 01/03/2015 10:27 AM, James T. Kirk wrote:
> /var/log/audit/audit.log has several of these:
>
> type=AVC msg=audit(1420286239.025:255316): avc: denied { write }
> for pid=29005 comm="spamc" path="pipe:[1505813]" dev="pipefs"
> ino=1505813 scontext=system_u:system_r:spamc_t:s0
> tcontext=system_u:system_r:sendmail_t:s0 tclass=fifo_file permissive=0
> type=SYSCALL msg=audit(1420286239.025:255316): arch=c000003e
> syscall=59 success=yes exit=0 a0=7ff563343380 a1=7ff5633463b0
> a2=7ff5633462f0 a3=8 items=0 ppid=29004 pid=29005 auid=4294967295
> uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001
> fsgid=1001 tty=(none) ses=4294967295 comm="spamc" exe="/usr/bin/spamc"
> subj=system_u:system_r:spamc_t:s0 key=(null)
> type=PROCTITLE msg=audit(1420286239.025:255316):
> proctitle="/usr/bin/spamc"
>
> On 1/3/15 4:58 AM, Daniel J Walsh wrote:
>> You need to include the AVC messages.
>>
>>
>> On 01/02/2015 11:17 PM, jtkirk wrote:
>>> I'm running a Fedora 21 64-bit system, sendmail and spamassassin.
>>> Upgraded a little over a week ago from Fedora 20.
>>>
>>> Don't recall seeing these alerts with Fedora 20.... Only been using
>>> SELinux in enforcing mode for a couple months now (apologies in
>>> advance if I'm not providing the relevant details - please let me know
>>> what else to include). I searched for similar issues but couldn't find
>>> anything more recent than 2009.
>>>
>>> SELinux Alert:
>>>
>>> The source process: /usr/bin/spamc
>>> Attempted this access: write
>>> On this fifo_file: fifo_file
>>>
>>> SETroubleshoot Details Window reports:
>>>
>>> SELinux is preventing /usr/bin/spamc from write access on the
>>> fifo_file fifo_file.
>>>
>>> ***** Plugin leaks (86.2 confidence) suggests
>>> *****************************
>>>
>>> If you want to ignore spamc trying to write access the fifo_file
>>> fifo_file, because you believe it should not need this access.
>>> Then you should report this as a bug.
>>> You can generate a local policy module to dontaudit this access.
>>> Do
>>> # grep /usr/bin/spamc /var/log/audit/audit.log | audit2allow -D -M
>>> mypol
>>> # semodule -i mypol.pp
>>>
>>> ***** Plugin catchall (14.7 confidence) suggests
>>> **************************
>>>
>>> If you believe that spamc should be allowed write access on the
>>> fifo_file fifo_file by default.
>>> Then you should report this as a bug.
>>> You can generate a local policy module to allow this access.
>>> Do
>>> allow this access for now by executing:
>>> # grep spamc /var/log/audit/audit.log | audit2allow -M mypol
>>> # semodule -i mypol.pp
>>>
>>> Additional Information:
>>> Source Context system_u:system_r:spamc_t:s0
>>> Target Context system_u:system_r:sendmail_t:s0
>>> Target Objects fifo_file [ fifo_file ]
>>> Source spamc
>>> Source Path /usr/bin/spamc
>>> Port <Unknown>
>>> Host mail.streetparknyc.com
>>> Source RPM Packages spamassassin-3.4.0-12.fc21.x86_64
>>> Target RPM Packages
>>> Policy RPM selinux-policy-3.13.1-103.fc21.noarch
>>> Selinux Enabled True
>>> Policy Type targeted
>>> Enforcing Mode Enforcing
>>> Host Name mail.streetparknyc.com
>>> Platform Linux mail.streetparknyc.com
>>> 3.17.7-300.fc21.x86_64 #1 SMP Wed Dec 17
>>> 03:08:44
>>> --
>>> selinux mailing list
>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
