spamc / spamd communication problem
Daniel J Walsh
dwalsh at redhat.com
Tue Dec 2 21:32:36 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bob Richmond wrote:
> I'm trying to make spamd listen on a unix domain socket, and let spamc
> connect to it. The question is, I can't figure out the intended
> destination for the spamd socket file (as specified via --socketpath
> passed to spamd and -U to spamc). I see that spamc_t has permission to
> connect to a socket with a type of spamd_tmp_t, but there doesn't appear
> to be an fc rule for where a new socket file would inherit that type.
>
> It makes sense to me that the socket file should exist in
> /var/run/spamassassin/spamd.sock to be consistent, but
> /var/run/spamassassin has a type of spamd_var_run_t, where spamc has no
> permission to connect to a sock_file under. Any help?
>
> I'm running F10, policy version selinux-policy-targeted-3.5.13-18.fc10.
>
> Thanks!
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Currently it is only allowed to connect to a sock file in /tmp,
Although it should be allowed to use /var/run/spamassassin.
I will update policy
You can add these rules for now using
# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Fixed in selinux-policy-3.5.13-29.fc10
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk1qXQACgkQrlYvE4MpobOpNACeOVVplPU+IG9QALu6UdBLUaMw
0GUAoJ+d23rJPHb5LhSzrPTt/DNEZCnH
=HHE9
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list