Adding two new booleans to httpd to tighten it's security.
Christopher J. PeBenito
cpebenito at tresys.com
Mon Dec 12 19:27:57 UTC 2005
On Sat, 2005-12-10 at 20:08 +0100, Nicolas Mailhot wrote:
> How about having selinux play nice with spamassassin at last ?
>
> It's still not able to create resolver sockets
> "Error creating a DNS resolver socket"
This is fixed upstream.
> or writing in its own files
>
> cannot create tmp lockfile ~/.spamassassin/bayes.lock.xxx
> cannot write to ~/.spamassassin/user_pref
You didn't say what the denial was. I went looking, and only found this
on the mail list:
On Sun, 2005-11-20 at 08:52 -0700, W. Scott Wilburn wrote:
> Nov 20 04:05:44 scooby kernel: audit(1132484744.807:45387): avc: denied
> { search } for pid=25548 comm="spamd" name=".spamassassin" dev=md0
> ino=2197675 scontext=root:system_r:spamd_t
> tcontext=user_u:object_r:user_home_t tclass=dir
Is this the denial that corresponds to the messages you have above?
> Or else fix fstab-sync
>
> avc: denied { getattr } for pid=2572 comm="fstab-sync" name="/"
> dev=tmpfs ino=5287 scontext=system_u:system_r:updfstab_t:s0
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
Fixed upstream.
> or gpm
>
> avc: denied { write } for pid=2420 comm="gpm" name="mice" dev=tmpfs
> ino=4118 scontext=system_u:system_r:gpm_t:s0
> tcontext=system_u:object_r:mouse_device_t:s0 tclass=chr_file
Fixed upstream.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the fedora-selinux-list
mailing list