[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: spamassassin pre-compiled rules

From: Daniel J Walsh <dwalsh redhat com>
To: Vadym Chepkov <chepkov yahoo com>
Cc: Fedora SELinux <fedora-selinux-list redhat com>
Subject: Re: spamassassin pre-compiled rules
Date: Mon, 13 Jul 2009 11:06:48 -0400

On 07/11/2009 08:06 AM, Vadym Chepkov wrote:
> spamassassin rules got updated recently and I got this avc
> 
> type=AVC msg=audit(1247216252.200:31900): avc:  denied  { execute } for  pid=24001 comm="spamd" path="/var/lib/spamassassin/compiled/5.010/3.002005/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so" dev=dm-3 ino=124989 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_lib_t:s0 tclass=file
> 
> audit2allow suggests this
> #============= spamd_t ==============
> allow spamd_t spamd_var_lib_t:file execute;
> seems reasonable, but why is it missing in standard policy?
> 
> Sincerely yours,
>   Vadym Chepkov
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Vadym, What puts the files in this directory?  Are they all shared libraries?

One solution would be to label this directory

# semanage fcontext -a -t lib_t '/var/lib/spamassassin/compiled(/.*)?'
# restorecon -R -v /var/lib/spamassassin

References:
- spamassassin pre-compiled rules
  - From: Vadym Chepkov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]