pyzor and SELinux

Daniel J Walsh dwalsh at redhat.com
Tue Mar 21 04:46:34 UTC 2006


Antony Nguyen wrote:
> Hello,
>
> It appears that the pyzor spam filtering process and selinux don't 
> like each other on an up-to-date FC4 system:
>
> type=AVC msg=audit(1142747621.765:115624): avc:  denied  { 
> name_connect } for  pid=23305 comm="pyzor" dest=80 
> scontext=root:system_r:spamd_t tcontext=system_u:object_r:http_port_t 
> tclass=tcp_socket
> type=SYSCALL msg=audit(1142747621.765:115624): arch=c000003e 
> syscall=42 success=no exit=-13 a0=3 a1=2aaaadb00ec0 a2=10 a3=0 items=0 
> pid=23305 auid=500 uid=502 gid=0 euid=502 suid=502 fsuid=502 egid=502 
> sgid=502 fsgid=502 comm="pyzor" exe="/usr/bin/python"
> type=SOCKADDR msg=audit(1142747621.765:115624): 
> saddr=020000504223FAD10000000000000000
>
> Can anyone give me a hint as to how to add an selinux policy for pyzor 
> or enable its ability to resolve names?
>
> Thanks,
> Tony
>
This means that spamd command pyzor is trying to connect to an 
httpd_port.  Is this expected/legitimate behaviour?
I see that a pyzor policy was written in the example policy but was 
never turned on in FC4. This pyzor policy does not allow connections 
to the httpd_port_t (80) either.
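
Added example (not part of the original thread, and not code from pyzor or the SELinux policy): a small Python decoder for the audit records quoted above. It pairs the AVC and SOCKADDR records by audit event id and decodes the saddr field, which shows exactly which address and port the denied connect() was aimed at. Function names are hypothetical and only IPv4 sockaddr dumps are handled.

```python
import re
import socket
import struct

# Audit records copied from the quoted report above, with mail line-wrapping undone.
AVC = ('type=AVC msg=audit(1142747621.765:115624): avc:  denied  { name_connect } '
       'for  pid=23305 comm="pyzor" dest=80 scontext=root:system_r:spamd_t '
       'tcontext=system_u:object_r:http_port_t tclass=tcp_socket')
SOCKADDR = ('type=SOCKADDR msg=audit(1142747621.765:115624): '
            'saddr=020000504223FAD10000000000000000')

def event_id(line):
    """Records sharing the same audit(timestamp:serial) belong to one event."""
    return re.search(r'msg=audit\(([^)]*)\)', line).group(1)

def parse_avc(line):
    """Return the denied permissions and key=value fields of one AVC record."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError('not an AVC denial')
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))}
    fields['perms'] = m.group(1).split()
    return fields

def decode_saddr(hexstr):
    """Decode a hex-dumped IPv4 struct sockaddr_in into (ip, port)."""
    raw = bytes.fromhex(hexstr)
    # sa_family is stored in host byte order; arch=c000003e is little-endian x86_64.
    family = struct.unpack('<H', raw[:2])[0]
    if family != 2:  # AF_INET on Linux
        raise ValueError('only AF_INET is handled in this example')
    port = struct.unpack('!H', raw[2:4])[0]  # sin_port is network byte order
    return socket.inet_ntoa(raw[4:8]), port

def summarize(avc_line, sockaddr_line):
    """Combine both records of one event into a single readable summary."""
    if event_id(avc_line) != event_id(sockaddr_line):
        raise ValueError('records are from different audit events')
    avc = parse_avc(avc_line)
    saddr = re.search(r'saddr=([0-9A-Fa-f]+)', sockaddr_line).group(1)
    ip, port = decode_saddr(saddr)
    return {'comm': avc['comm'], 'perms': avc['perms'], 'tclass': avc['tclass'],
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'ip': ip, 'port': port}

if __name__ == '__main__':
    print(summarize(AVC, SOCKADDR))
```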
