Fedora 13, Spamassassin, and SELinux
B Wooster
bwooster47 at gmail.com
Tue Jun 22 22:58:19 UTC 2010
On Tue, Jun 22, 2010 at 8:14 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> Did you turn on the boolean
>
> # setsebool -P spamassassin_can_network 1
>
Oh yes, that seems to fix the problem - I don't see any new messages
in audit.log after doing that, I thought you wanted to see the log
messages before the fix - was not sure what you meant
> Could you attach the AVC messages. I need to change the priority.
> If you pipe the messages to audit2allow -w, it should tell you about the boolean.
Running audit.log through that shows many messages like
type=AVC msg=audit(1277118669.249:111468): avc: denied { name_bind }
for pid=14265 comm="spamassassin" src=14139
scontext=unconfined_u:system_r:spamc_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
Was caused by:
Unknown - would be allowed by active policy
Possible mismatch between this policy and the one
under which the audit message was generated.
Possible mismatch between current in-memory boolean
settings vs. permanent ones.
But I'm all set now, for other reasons, am running with selinux=0
More information about the users
mailing list