SELinux doesn't understand sendmail<->spamassassin interactions

G.Wolfe Woodbury ggw at wolves.durham.nc.us
Wed Feb 18 22:53:41 UTC 2009


Similar to the mailman problem, SELinux doesn't understand the 
interactions between sendmail and spamassassin.  In this case, however, 
the spamassassin stuff quits working completely.

This installation of spamassassin uses the "spamc" daemon, and mails are 
passed to that daemon from users' .procmailrc files. (This allows the 
user to opt-in/opt-out of spam detection on their own by altering their 
own .procmailrc file.)

SELinux complains a lot because every message passed from the user 
delivery chain gets a denial because "sendmail" (actually procmail) has 
no permissions to write the spamassassin spamc socket:

type=AVC msg=audit(1234094494.975:3163): avc:  denied  { read write }
for  pid=612 comm="spamc" path="socket:[2166561]" dev=sockfs ino=2166561
scontext=system_u:system_r:spamc_t:s0 
context=system_u:system_r:sendmail_t:s0
tclass=unix_stream_socket

I don't fully understand some of the concepts used in SELinux, and am 
running F10+updates in "permissive" mode so that things work but I get 
notified of "abnormal" events.

Additionally, other aspects of the sendmail/spamassassin interaction 
attract SELinux complaints (getattr of spamc socket, etc.), but I get 
thousands of complaints about the read/write of the spamc socket.
(about 8 active e-mail accounts, several of which are spam traps.)

Thanks for your attention and patience.
-- 
G.Wolfe Woodbury
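
Added example (not from the original post): with thousands of near-identical denials, collapsing the audit log to unique (source type, target type, class, permission) tuples shows how few distinct rules are involved. The first sample record is the one quoted above; the other two are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# First record: the denial quoted in the post, wrapped as the mail shows it.
# Second and third records are constructed for this example.
SAMPLE = """\
type=AVC msg=audit(1234094494.975:3163): avc:  denied  { read write }
for  pid=612 comm="spamc" path="socket:[2166561]" dev=sockfs ino=2166561
scontext=system_u:system_r:spamc_t:s0
context=system_u:system_r:sendmail_t:s0
tclass=unix_stream_socket
type=AVC msg=audit(1234094501.112:3170): avc:  denied  { read write } for  pid=640 comm="spamc" path="socket:[2166702]" dev=sockfs ino=2166702 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1234094501.115:3171): avc:  denied  { getattr } for  pid=640 comm="spamc" path="socket:[2166702]" dev=sockfs ino=2166702 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=unix_stream_socket
"""

DENIED_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
# Target context is accepted as "tcontext=" or, as in the post, "context=".
FIELD_RE = re.compile(r"(?<![a-z])(scontext|t?context|tclass)=(\S+)")


def join_records(text):
    """Re-join audit records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if line.startswith("type="):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records


def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in join_records(text):
        denied = DENIED_RE.search(rec)
        fields = {("tcontext" if k == "context" else k): v
                  for k, v in FIELD_RE.findall(rec)}
        if not denied or not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # not an AVC denial, or a truncated record
        src = fields["scontext"].split(":")[2]  # user:role:type:level
        tgt = fields["tcontext"].split(":")[2]
        for perm in denied.group(1).split():
            counts[(src, tgt, fields["tclass"], perm)] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {src} -> {tgt} : {cls} {{ {perm} }}")
```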
