Fedora 13, Spamassassin, and SELinux
Daniel J Walsh
dwalsh at redhat.com
Wed Jun 23 21:25:51 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/22/2010 06:58 PM, B Wooster wrote:
> On Tue, Jun 22, 2010 at 8:14 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>>
>> Did you turn on the boolean
>>
>> # setsebool -P spamassassin_can_network 1
>>
>
> Oh yes, that seems to fix the problem - I don't see any new messages
> in audit.log after doing that, I thought you wanted to see the log
> messages before the fix - was not sure what you meant
>> Could you attach the AVC messages. I need to change the priority.
>> If you pipe the messages to audit2allow -w, it should tell you about the boolean.
>
> Running audit.log through that shows many messages like
> type=AVC msg=audit(1277118669.249:111468): avc: denied { name_bind }
> for pid=14265 comm="spamassassin" src=14139
> scontext=unconfined_u:system_r:spamc_t:s0
> tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
>
> Was caused by:
> Unknown - would be allowed by active policy
> Possible mismatch between this policy and the one
> under which the audit message was generated.
>
> Possible mismatch between current in-memory boolean
> settings vs. permanent ones.
>
>
> But I'm all set now, for other reasons, am running with selinux=0
Well ask questions about what caused you to disable SELInux. Remember
you can always put the machine into permissive mode or individual
domains permissive.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkwie98ACgkQrlYvE4MpobMsKACgioTb4XSbOcKT2ywh+s0eTb4X
M4QAn0/SUAQEWZZId9jPlSF1kLte1INO
=zgC+
-----END PGP SIGNATURE-----
More information about the users
mailing list