FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 11-02-2011, 12:23 PM
"Arthur Dent"
 
Default Spamassassin / GPG Problem

Hello all,

I use Spamassassin on my server. It regularly downloads updated signatures
and checks the download using GPG. Since I upgraded to
selinux-policy-targeted-3.9.16-44.fc15.noarch this week I have been
getting errors reported by Spamassassin:

========8<======================================== ======================
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed
02-Nov-2011 06:05:06: SpamAssassin: Update available, but download or
extract failed
========8<======================================== ======================

I also get the an SELinux AVC (full details below).

What is the best way to deal with this?

Thanks in advance...

Mark

========8<======================================== ======================
SELinux is preventing /usr/bin/gpg from read access on the file
.spamassassin12765zsyG6Ftmp.

***** Plugin catchall (100. confidence) suggests
***************************

If you believe that gpg should be allowed read access on the
.spamassassin12765zsyG6Ftmp file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep gpg /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:gpg_t:s0-s0:c0.c1023
Target Context system_ubject_r:spamd_tmp_t:s0
Target Objects .spamassassin12765zsyG6Ftmp [ file ]
Source gpg
Source Path /usr/bin/gpg
Port <Unknown>
Host mydomain.org.uk
Source RPM Packages gnupg-1.4.11-3.fc15
Target RPM Packages
Policy RPM selinux-policy-3.9.16-44.fc15
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name troodos.org.uk
Platform Linux mydomain.org.uk
2.6.40.6-0.fc15.i686.PAE #1
SMP Tue Oct 4 00:44:38 UTC 2011 i686 i686
Alert Count 2
First Seen Mon Oct 31 05:22:55 2011
Last Seen Wed Nov 2 06:05:06 2011
Local ID bb4e6159-04a3-4e8c-b5f5-f41c0ff80d56

Raw Audit Messages
type=AVC msg=audit(1320213906.154:7990): avc: denied { read } for
pid=12766
comm="gpg" name=".spamassassin12765zsyG6Ftmp" dev=sda5 ino=1058383
scontext=system_u:system_r:gpg_t:s0-s0:c0.c1023
tcontext=system_ubject_r:spamd_tmp_t:s0 tclass=file


type=SYSCALL msg=audit(1320213906.154:7990): arch=i386 syscall=open
success=no
exit=EACCES a0=bfe78f49 a1=8000 a2=0 a3=bfe78f49 items=0 ppid=12765
pid=12766 auid=0
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=1070 comm=gpg
exe=/usr/bin/gpg subj=system_u:system_r:gpg_t:s0-s0:c0.c1023 key=(null)

Hash: gpg,gpg_t,spamd_tmp_t,file,read

audit2allow

#============= gpg_t ==============
allow gpg_t spamd_tmp_t:file read;

audit2allow -R

#============= gpg_t ==============
allow gpg_t spamd_tmp_t:file read;






--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 11-02-2011, 01:02 PM
Paul Howarth
 
Default Spamassassin / GPG Problem

On 11/02/2011 01:23 PM, Arthur Dent wrote:
> Hello all,
>
> I use Spamassassin on my server. It regularly downloads updated signatures
> and checks the download using GPG. Since I upgraded to
> selinux-policy-targeted-3.9.16-44.fc15.noarch this week I have been
> getting errors reported by Spamassassin:

https://bugzilla.redhat.com/show_bug.cgi?id=744379

Paul.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 11-02-2011, 01:14 PM
"Arthur Dent"
 
Default Spamassassin / GPG Problem

> On 11/02/2011 01:23 PM, Arthur Dent wrote:
>> Hello all,
>>
>> I use Spamassassin on my server. It regularly downloads updated
>> signatures
>> and checks the download using GPG. Since I upgraded to
>> selinux-policy-targeted-3.9.16-44.fc15.noarch this week I have been
>> getting errors reported by Spamassassin:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=744379
>
> Paul.
>

Ooops! Sorry...

I meant to check bugzilla before I posted, but somehow I completely forgot.

Sorry for the noise.

Mark



--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 11-04-2011, 06:45 AM
Miroslav Grepl
 
Default Spamassassin / GPG Problem

On 11/02/2011 02:14 PM, Arthur Dent wrote:
>> On 11/02/2011 01:23 PM, Arthur Dent wrote:
>>> Hello all,
>>>
>>> I use Spamassassin on my server. It regularly downloads updated
>>> signatures
>>> and checks the download using GPG. Since I upgraded to
>>> selinux-policy-targeted-3.9.16-44.fc15.noarch this week I have been
>>> getting errors reported by Spamassassin:
>> https://bugzilla.redhat.com/show_bug.cgi?id=744379
>>
>> Paul.
>>
> Ooops! Sorry...
>
> I meant to check bugzilla before I posted, but somehow I completely forgot.
>
> Sorry for the noise.
>
> Mark
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
A new build should be available today.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 02:44 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org