On Fri, 2008-05-16 at 10:10 +0200, Daniel Fazekas wrote:
SELinux appears to stop spamc from being called from procmail:
type=1401 audit(1210924808.115:14): security_compute_sid: invalid
context system_u:system_r:spamc_t:s0 for
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=process
Create a local policy module either via audit2allow or by hand to permit
it. The rule in particular that is missing is "role system_r types
spamc_t;".
The audit2allow way:
# grep spamc /var/log/audit/audit.log | audit2allow -M myspamc
# semodule -i myspamc.pp
The hand-written way:
# cat myspamc.te
policy_module(myspamc, 1.0)
require {
role system_r;
type spamc_t;
}
role system_r types spamc_t;
# make -f /usr/share/selinux/devel/Makefile myspamc.pp
# semodule -i myspamc.pp
procmail logs:
/usr/bin/spamc: /usr/bin/spamc: cannot execute binary file
procmail: Error while writing to "/usr/bin/spamc"
procmail: Rescue of unfiltered data succeeded
In my .procmailrc I have this line:
INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc
Used to work fine in previous releases of Fedora.
Is there anything I could set to allow this?
I have already tried a full touch ./autorelabel && reboot, it didn't
help.
SELinux is using
selinux-policy-targeted-3.3.1-42.fc9.noarch
selinux-policy-3.3.1-42.fc9.noarch
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list --
Stephen Smalley
National Security Agency