Actually, let me ask that another way. How should I go about finding
the contexts where procmail_t is allowed to create/delete/rename files?
I'm getting a flood of AVCs like the ones below and need to figure out
an appropriate context for some directories that, FWIW, are deep down
under /srv.
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied { write } for pid=3017 comm="decode64" name="Received-0305" dev=sda8 ino=7442469 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied { add_name } for pid=3017 comm="decode64" name="jARhqK" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied { create } for pid=3017 comm="decode64" name="jARhqK" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied { read write open } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
node=omega-3x.local type=AVC msg=audit(1267778517.645:30181): avc: denied { setattr } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
node=omega-3x.local type=AVC msg=audit(1267778517.725:30183): avc: denied { link } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
node=omega-3x.local type=AVC msg=audit(1267778517.726:30184): avc: denied { remove_name } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
node=omega-3x.local type=AVC msg=audit(1267778517.726:30184): avc: denied { unlink } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
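As an added example (not from the post above, and not part of the SELinux reference policy or setools), here is a small POSIX shell helper that turns AVC records like these, even when a mail client has wrapped them, into the sesearch queries that answer the question of what procmail_t may already do with each object class. The sample records are constructed and condensed from the post, and sesearch (setools) is assumed to be installed when you run the generated commands.

```sh
#!/bin/sh
# Added example: turn AVC denials (possibly wrapped by a mail client) into
# sesearch queries listing what the source domain is allowed to do.
# Constructed sample, condensed from the records in the post; the first
# record is deliberately wrapped across lines, as it arrived in the mail.
sample_avc() {
cat <<'EOF'
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied {
write } for pid=3017 comm="decode64" name="Received-0305" dev=sda8 ino=7442469
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied { add_name } for pid=3017 comm="decode64" name="jARhqK" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied { create } for pid=3017 comm="decode64" name="jARhqK" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
node=omega-3x.local type=AVC msg=audit(1267778517.644:30180): avc: denied { read write open } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
node=omega-3x.local type=AVC msg=audit(1267778517.726:30184): avc: denied { remove_name } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
node=omega-3x.local type=AVC msg=audit(1267778517.726:30184): avc: denied { unlink } for pid=3017 comm="decode64" name="jARhqK" dev=sda8 ino=5347353 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
}

# Join continuation lines onto the record that starts with "node=", so the
# wrapped first record parses like the others.
join_records() {
  awk '/^node=/ { if (rec != "") print rec; rec = $0; next }
       { rec = rec " " $0 }
       END { if (rec != "") print rec }'
}

# One "sesearch -A -s <domain> -c <class> -p <perms>" line per
# (source domain, object class), with perms sorted and de-duplicated.
avc_sesearch_cmds() {
  join_records | awk '
    /avc: *denied *[{]/ {
      perms = $0; sub(/.*denied *[{] */, "", perms); sub(/ *[}].*/, "", perms)
      ctx = $0;   sub(/.*scontext=/, "", ctx);       sub(/ .*/, "", ctx)
      cls = $0;   sub(/.*tclass=/, "", cls);         sub(/ .*/, "", cls)
      split(ctx, c, ":")                       # user:role:type:level
      n = split(perms, p, " ")
      for (i = 1; i <= n; i++) print c[3], cls, p[i]
    }' | LC_ALL=C sort -u | awk '
    { key = $1 " " $2
      if (key != prev) { if (prev != "") print cmd
                         cmd = "sesearch -A -s " $1 " -c " $2 " -p " $3; prev = key }
      else cmd = cmd "," $3 }
    END { if (prev != "") print cmd }'
}

# Usage: the sesearch output tells you which file types procmail_t may already
# create/write/unlink in; label the /srv tree with one of them via
# semanage fcontext -a -t <type> '/srv/path(/.*)?' && restorecon -R /srv/path
sample_avc | avc_sesearch_cmds
```

The generated commands are what you then run against the loaded policy; the rules sesearch prints name the target types (the `-t` column) that are candidates for the directory context.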