https://bugzilla.redhat.com/show_bug.cgi?id=1473017
Bug ID: 1473017
Summary: amavisd-new-2.11.0-1 has issue with DCC, can't write
to /etc/dcc
Product: Fedora EPEL
Version: epel7
Component: amavisd-new
Severity: low
Assignee: j.orti.alcaine(a)gmail.com
Reporter: pb(a)bieringer.de
QA Contact: extras-qa(a)fedoraproject.org
CC: janfrode(a)tanso.net, j.orti.alcaine(a)gmail.com,
perl-devel(a)lists.fedoraproject.org, steve(a)silug.org,
vanmeeuwen+fedora(a)kolabsys.com
Description of problem:
since upgrading EL7 system strange DCC messages are occuring.
Version-Release number of selected component (if applicable):
amavisd-new-2.11.0-1
How reproducible:
always
Steps to Reproduce:
1. have amavisd+spamassassin+DCC installed
Actual results:
Jul 19 22:29:57 *** dccproc[29496]: open(/etc/dcc/map): Permission denied
Jul 19 22:29:57 *** dccproc[29496]: lock_open(/etc/dcc/whiteclnt.dccx):
Permission denied; file not writeable for locking
Expected results:
Working as before the update
Additional info:
related systemd unit file changed,
2.11.0-1 added:
ProtectSystem=full
This prevents dccproc from writing to /etc/dcc
"Workaround": reduce restriction to
ProtectSystem=true
Looks like systemd.exec is missing a feature, because
ReadWritePaths=-/etc/dcc
is not supported on ProtectSystem=full, only on ProtectSystem=strict (which is
even more hard...)
Imho "full" should already honor ReadWritePaths
--
You are receiving this mail because:
You are on the CC list for the bug.