Procmail, Spamassassin, and /etc/shadow

Stephen Smalley sds at
Thu Aug 17 11:47:17 UTC 2006

On Wed, 2006-08-16 at 21:38 -0700, Charles A. Crayne wrote:
> With a fully updated FC5 targeted policy, in permissive mode, while sorting
> incoming mail, procmail invokes spamassassin, which wants read and getattr
> permission for file /etc/shadow. I used audit2allow to create an allow
> rule for these cases, but the resulting local.pp module will not load,
> because it triggers an assert rule.
> What is the recommended resolution to this issue?

Odds are good that it doesn't truly need those permissions, so use a
dontaudit rule instead of an allow rule, and see if it works then in
enforcing mode.  The dontaudit rule will just suppress the audit message
without allowing it to happen.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list