Adding two new booleans to httpd to tighten its security.

Nicolas Mailhot nicolas.mailhot at
Mon Dec 12 20:06:00 UTC 2005

On Mon, 12 December 2005 20:27, Christopher J. PeBenito wrote:
> On Sat, 2005-12-10 at 20:08 +0100, Nicolas Mailhot wrote:
>> How about having selinux play nice with spamassassin at last?
>> It's still not able to create resolver sockets
>> "Error creating a DNS resolver socket"
> This is fixed upstream.

I think it is in spamd context but not in procmail context.

>> or writing in its own files
>> cannot create tmp lockfile ~/.spamassassin/
>> cannot write to ~/.spamassassin/user_pref
> You didn't say what the denial was.

A lot of traces were attached in Red Hat Bugzilla entries.

They no longer appear in audit.log - I suspect /homes accesses are now
filtered by default
(when the problem was first reported a few weeks ago they did appear as AVCs).

The tricky bit is most of them are executed for the home user, but in
procmail context.


Nicolas Mailhot
