SELinux doesn't know about spamassassin and sendmail
Paul Howarth
paul at city-fan.org
Wed Feb 18 21:02:04 UTC 2009
On Tue, 17 Feb 2009 18:11:55 -0500
"G.Wolfe Woodbury" <ggw at wolves.durham.nc.us> wrote:
> Paul Howarth wrote:
> > G.Wolfe Woodbury wrote:
> >> SELinux is constantly complaining that the spamassassin daemon
> >> (spamc) doesn't have permissions to do various things to sendmail
> >> (read write, getattr, etc...)
> >>
> >> This is the main reason that I have been ignoring SELinux and
> >> running in permissive mode. It's probably about time to complain
> >> and ask someone to fix it since I've not got the ability to do so.
> >
> > Might this be https://bugzilla.redhat.com/show_bug.cgi?id=485426 ?
> > If so, have you tried switching to enforcing mode and testing if it
> > still actually works despite the denials?
>
> No, that section of the sendmail seems to behave in terms of file
> descriptors, but is being denied by SELinux/kernel in other places.
> I just doesn't work at all in enforcing mode.
>
> > How are you using spamassassin with sendmail - spamass-milter?
>
> No, the other method of having a spamc process filtering it from the
> user's .procmailrc so that each user can opt-in/opt-out of spam
> detection on their own.
>
>
> >> I apologize if this is the wrong list.
> >
> > fedora-selinux-list would probably be a better place.
>
> I'll have to join another list then.
OK, post to fedora-selinux-list and include the selinux denials you're
seeing (they'll be in /var/log/messages if you're not running auditd
and /var/log/audit/audit.log otherwise).
Paul.
More information about the devel
mailing list