pyzor and SELinux
Craig White
craigwhite at azapple.com
Sun Mar 19 06:11:11 UTC 2006
On Sat, 2006-03-18 at 22:04 -0800, Antony Nguyen wrote:
> Hello,
>
> It appears that the pyzor spam filtering process and selinux don't like
> each other on an up-to-date FC4 system:
>
> type=AVC msg=audit(1142747621.765:115624): avc: denied { name_connect }
> for pid=23305 comm="pyzor" dest=80 scontext=root:system_r:spamd_t
> tcontext=system_u:object_r:http_port_t tclass=tcp_socket
> type=SYSCALL msg=audit(1142747621.765:115624): arch=c000003e syscall=42
> success=no exit=-13 a0=3 a1=2aaaadb00ec0 a2=10 a3=0 items=0 pid=23305
> auid=500 uid=502 gid=0 euid=502 suid=502 fsuid=502 egid=502 sgid=502
> fsgid=502 comm="pyzor" exe="/usr/bin/python"
> type=SOCKADDR msg=audit(1142747621.765:115624):
> saddr=020000504223FAD10000000000000000
>
> Can anyone give me a hint as to how to add an selinux policy for pyzor or
> enable its ability to resolve names?
>
----
try this...
yum install selinux-policy-targeted-sources
cd /etc/selinux/targeted/src/policy
audit2allow -d >> domains/local.te
make reload
I won't explain and I'm just guessing that will work for you.
Craig
More information about the fedora-list
mailing list