spamassassin transition

Vadym Chepkov chepkov at yahoo.com
Mon Aug 3 13:31:31 UTC 2009 

I filed bugzilla report about it, https://bugzilla.redhat.com/show_bug.cgi?id=509644
 
Sincerely yours,
  Vadym Chepkov


--- On Sun, 8/2/09, Scott Radvan <sradvan at redhat.com> wrote:

> From: Scott Radvan <sradvan at redhat.com>
> Subject: spamassassin transition
> To: fedora-selinux-list at redhat.com
> Date: Sunday, August 2, 2009, 8:20 PM
> Hi,
> 
> 
> Working on the Postfix chapter in my SELinux managing
> confined services
> book [0] and am having trouble with Postfix/spamassassin. 
> 
> I have got email traversing back and forth just fine, but I
> am trying to
> invoke a denial or a problem for which I can document the
> work-around.
> spamassassin_can_network seems to be a good Boolean to
> explain, show
> the denial and then show the work-around for. 
> 
> This Boolean is off by default, which as far as I can tell
> would stop
> spamassassin from launching as a daemon listening on the
> machine's
> actual IP/interface.
> 
> But my problem is that it is launching without a problem
> and listening
> on the machine's interface without error. I am assuming
> that it is
> working fine because the spamassassin processes are only
> launching as
> initrc_t, when it should be transitioning to something
> else..?
> 
> # ps -eZ | grep spamd
> unconfined_u:system_r:initrc_t:s0 3085 ?   
>    00:00:01 spamd
> unconfined_u:system_r:initrc_t:s0 3087 ?   
>    00:00:00 spamd
> unconfined_u:system_r:initrc_t:s0 3088 ?   
>    00:00:00 spamd
> 
> # ls -lZ /etc/init.d/spamassassin 
> -rwxr-xr-x.
> rootrootsystem_u:object_r:initrc_exec_t:s0
> /etc/init.d/spamassassin
> 
> (I tried labelling this differently to this default
> setting, to
> spamd_initrc_exec_t, but to no avail.)
> 
> # getsebool -a  | grep spam
> spamassassin_can_network --> off
> spamd_enable_home_dirs --> on
> 
> Basically I need to make sure spamassassin is starting
> normally so that
> the Boolean mentioned will block access. So any help is
> appreciated,
> should spamassassin as a daemon transition to something
> other than
> initrc_t? And how do I get it to do so? 
> 
> Or am I going down the wrong track to get this Boolean
> which is off by
> default to do something which I can demonstrate and fix?
> 
> Thank you,
> 
> -- 
> Scott Radvan
> Content Author, Platform (Installation and Deployment)
> Red Hat Asia Pacific (Brisbane) http://www.apac.redhat.com
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

More information about the fedora-selinux-list mailing list