Using spamassassin with selinux

Nicolas Mailhot nicolas.mailhot at laposte.net
Sat Dec 17 10:49:10 UTC 2005 

Hi,

I'm still trying to get spamassassin to work properly with procmail 
selinux (this is bug #172088, been open almost 50 days, still not 
closed). I'm getting a bit tired of watching my spam system fail and 
will probably revert to no selinux testing at all (selinux=0, like 
almost everyone else) if this continues. 50 days is more than enough to 
fix a reported problem.

I have the following entry in my procmail :

:0fw: .spamc.lock
* < 256000
| spamc

Now maildir logs show spamassassin is denied access to its own files 
when selinux is enabled :

Dec 17 11:30:05 rousalka spamd[2681]: spamd: connection from 
localhost.localdomain [127.0.0.1] at port 50637
Dec 17 11:30:05 rousalka spamd[2681]: spamd: setuid to nim succeeded

(yes spamd does setuids)

Dec 17 11:30:05 rousalka spamd[2681]: spamd: creating default_prefs: 
/home/nim/.spamassassin/user_prefs

(spamd didn't see the pref files already existed - probably because of 
selinux - so it tries to create it)

Dec 17 11:30:05 rousalka spamd[2681]: mkdir /home/nim: Le fichier 
existe. at /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin.pm line 1467

(the system tells it to get lost, the file already exists)

Dec 17 11:30:05 rousalka spamd[2681]: config: cannot write to 
/home/nim/.spamassassin/user_prefs: Permission non accordée

(and spamd is not allowed to write it)

Dec 17 11:30:05 rousalka spamd[2681]: spamd: failed to create readable 
default_prefs: /home/nim/.spamassassin/user_prefs

likewise pyzor is dead

Dec 17 11:30:05 rousalka spamd[2681]: internal error
Dec 17 11:30:05 rousalka spamd[2681]: pyzor: check failed: internal error

and the autowhitelist can not be modified, because spamd can not create 
a lockfile

Dec 17 11:30:05 rousalka spamd[2681]: locker: safe_lock: cannot create 
tmp lockfile 
/home/nim/.spamassassin/auto-whitelist.lock.rousalka.dyndns.org.2681 for 
/home/nim/.spamassassin/auto-whitelist.lock: Permission non accordée
Dec 17 11:30:05 rousalka spamd[2681]: auto-whitelist: open of 
auto-whitelist file failed: locker: safe_lock: cannot create tmp 
lockfile 
/home/nim/.spamassassin/auto-whitelist.lock.rousalka.dyndns.org.2681 for 
/home/nim/.spamassassin/auto-whitelist.lock: Permission non accordée
Dec 17 11:30:05 rousalka spamd[2681]: Can't call method "finish" on an 
undefined value at 
/usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/Plugin/AWL.pm line 397.

This on a fully relabeled selinux-policy-targeted-2.1.6-8 rawhide system

-- 
Nicolas Mailhot

More information about the fedora-selinux-list mailing list