05-16-2008, 08:10 AM
Daniel Fazekas

spamc not working from procmail in Fedora 9

SELinux appears to stop spamc from being called from procmail:
type=1401 audit(1210924808.115:14): security_compute_sid: invalid
context system_u:system_r:spamc_t:s0 for
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=process


procmail logs:
/usr/bin/spamc: /usr/bin/spamc: cannot execute binary file
procmail: Error while writing to "/usr/bin/spamc"
procmail: Rescue of unfiltered data succeeded

In my .procmailrc I have this line:
INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc

Used to work fine in previous releases of Fedora.
Is there anything I could set to allow this?

I have already tried a full touch ./autorelabel && reboot, it didn't
help.


SELinux is using
selinux-policy-targeted-3.3.1-42.fc9.noarch
selinux-policy-3.3.1-42.fc9.noarch

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
05-16-2008, 12:19 PM
Stephen Smalley

spamc not working from procmail in Fedora 9

On Fri, 2008-05-16 at 10:10 +0200, Daniel Fazekas wrote:
> SELinux appears to stop spamc from being called from procmail:
> type=1401 audit(1210924808.115:14): security_compute_sid: invalid
> context system_u:system_r:spamc_t:s0 for
> scontext=system_u:system_r:procmail_t:s0
> tcontext=system_u:object_r:spamc_exec_t:s0 tclass=process

Create a local policy module either via audit2allow or by hand to permit
it. The rule in particular that is missing is "role system_r types
spamc_t;".

The audit2allow way:
# grep spamc /var/log/audit/audit.log | audit2allow -M myspamc
# semodule -i myspamc.pp

The hand-written way:
# cat myspamc.te
policy_module(myspamc, 1.0)
require {
role system_r;
type spamc_t;
}
role system_r types spamc_t;
# make -f /usr/share/selinux/devel/Makefile myspamc.pp
# semodule -i myspamc.pp


>
> procmail logs:
> /usr/bin/spamc: /usr/bin/spamc: cannot execute binary file
> procmail: Error while writing to "/usr/bin/spamc"
> procmail: Rescue of unfiltered data succeeded
>
> In my .procmailrc I have this line:
> INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc
>
> Used to work fine in previous releases of Fedora.
> Is there anything I could set to allow this?
>
> I have already tried a full touch ./autorelabel && reboot, it didn't
> help.
>
> SELinux is using
> selinux-policy-targeted-3.3.1-42.fc9.noarch
> selinux-policy-3.3.1-42.fc9.noarch
>
--
Stephen Smalley
National Security Agency
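
Added example, not part of the original thread and not code from the SELinux project: a small Python parser for the security_compute_sid record quoted above, which splits the rejected context into its fields and emits a local module of the same shape as the hand-written one in the reply. The function names are hypothetical, and the generated rule assumes, as the reply diagnoses, that the missing piece is the role-to-type authorization.

```python
import re

# Constructed sample: the type=1401 record quoted in this thread, line-wrapped as in the mail.
SAMPLE = """type=1401 audit(1210924808.115:14): security_compute_sid: invalid
context system_u:system_r:spamc_t:s0 for
scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=process"""

RECORD = re.compile(
    r"security_compute_sid:\s+invalid\s+context\s+(?P<ctx>\S+)\s+for\s+"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)")
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def split_context(ctx):
    """Split user:role:type[:level]; an MLS level can itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), parts + [None]))


def parse_invalid_context(text):
    """Return the rejected context with its source and target, or None if absent."""
    m = RECORD.search(" ".join(text.split()))  # undo mail line wrapping
    if m is None:
        return None
    return {"invalid": split_context(m["ctx"]), "source": split_context(m["scontext"]),
            "target": split_context(m["tcontext"]), "tclass": m["tclass"]}


def role_types_module(rec, name):
    """Emit .te source shaped like the hand-written module in the reply.

    Assumption: the context is invalid because the role is not authorized for
    the type, which is what the reply diagnoses; the record alone cannot prove it.
    """
    role, type_ = rec["invalid"]["role"], rec["invalid"]["type"]
    for ident in (name, role, type_):
        if not IDENT.fullmatch(ident):  # never paste unchecked log text into policy
            raise ValueError(f"refusing to emit policy for {ident!r}")
    return (f"policy_module({name}, 1.0)\nrequire {{\n\trole {role};\n\ttype {type_};\n}}\n"
            f"role {role} types {type_};\n")


if __name__ == "__main__":
    print(role_types_module(parse_invalid_context(SAMPLE), "myspamc"), end="")
```

The rejected context keeps the caller's user and role (system_u:system_r) and takes only its type from the transition into spamc_t, which is why a role rule rather than an allow rule is what the module needs.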
