procmail is not allowed to talk to spamassassin

[Nicolas Mailhot]

Le vendredi 28 octobre 2005 à 16:21 -0400, Daniel J Walsh a écrit :
>  
> Updated policy on ftp://people.redhat.com/dwalsh/SELinux/Fedora/
> 
> Should fix both problems.

Thanks, that was quick. However :



1. the avahi changes need more cooking :

rpm -Uvh selinux-policy-targeted-1.27.2-9.noarch.rpm
Préparation...              ###########################################
[100%]
   1:selinux-policy-targeted###########################################
[100%]
/etc/selinux/targeted/contexts/files/file_contexts:  line 776 has
invalid
context system_u:object_r:avahi_exec_t:s0:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 777 has
invalid
context system_u:object_r:avahi_exec_t:s0:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 778 has
invalid
context system_u:object_r:avahi_var_run_t:s0:s0
/var/lib is already defined in
/etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.



2. procmail still has trouble invoquing spamc

type=AVC msg=audit(1130531640.621:489): avc:  denied  { execute } for
pid=6118 comm="procmail" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1130531640.621:489): arch=c000003e syscall=59
success=no exit=-13 a0=51c1a1 a1=51c140 a2=51bf90 a3=51c1a1 items=1
pid=6118 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="procmail" exe="/usr/bin/procmail"
type=CWD msg=audit(1130531640.621:489):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130531640.621:489): item=0 name="/usr/bin/spamc"
flags=101  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1130531640.625:490): avc:  denied  { getattr } for
pid=6118 comm="sh" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1130531640.625:490): arch=c000003e syscall=4
success=no exit=-13 a0=6bf780 a1=7fffff877bf0 a2=7fffff877bf0 a3=2
items=1 pid=6118 auid=4294967295 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 comm="sh" exe="/bin/bash"
type=AVC_PATH msg=audit(1130531640.625:490):  path="/usr/bin/spamc"
type=CWD msg=audit(1130531640.625:490):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130531640.625:490): item=0 name="/usr/bin/spamc"
flags=1  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00

3. But squirrelmail now works -> the postfix postdrop problem is fixed.
Thank you !

(I'm running with a tail on /var/log/audit/audit.log in a term now)

Regards,

-- 
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20051028/cbaa662f/attachment.sig>