Re: spamassassin pre-compiled rules
- From: Daniel J Walsh <dwalsh redhat com>
- To: Vadym Chepkov <chepkov yahoo com>
- Cc: Fedora SELinux <fedora-selinux-list redhat com>
- Subject: Re: spamassassin pre-compiled rules
- Date: Mon, 13 Jul 2009 11:23:37 -0400
On 07/13/2009 11:19 AM, Vadym Chepkov wrote:
> The sa-compile script puts them there; it runs manually from the cron.
> The sa-compile call is not part of the standard Fedora package and, as I said earlier, this context already exists in the standard policy. Furthermore, Dan, you added it by my request :) But even though it exists, it is being ignored when the library is created. I am not really sure how the sa-compile script does it, but 'restorecon -R' afterward seems like an appropriate workaround.
>
> Sincerely yours,
> Vadym Chepkov
>
>
> --- On Mon, 7/13/09, Daniel J Walsh <dwalsh redhat com> wrote:
>
>> From: Daniel J Walsh <dwalsh redhat com>
>> Subject: Re: spamassassin pre-compiled rules
>> To: "Vadym Chepkov" <chepkov yahoo com>
>> Cc: "Fedora SELinux" <fedora-selinux-list redhat com>
>> Date: Monday, July 13, 2009, 11:06 AM
>> On 07/11/2009 08:06 AM, Vadym Chepkov wrote:
>>> spamassassin rules got updated recently and I got this avc
>>> type=AVC msg=audit(1247216252.200:31900): avc: denied { execute } for pid=24001 comm="spamd" path="/var/lib/spamassassin/compiled/5.010/3.002005/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so" dev=dm-3 ino=124989 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_lib_t:s0 tclass=file
>>> audit2allow suggests this
>>> #============= spamd_t ==============
>>> allow spamd_t spamd_var_lib_t:file execute;
>>> seems reasonable, but why is it missing in standard policy?
>>> Sincerely yours,
>>> Vadym Chepkov
>>>
>> Vadym, What puts the files in this directory? Are they all shared libraries?
>>
>> One solution would be to label this directory
>>
>> # semanage fcontext -a -t lib_t '/var/lib/spamassassin/compiled(/.*)?'
>> # restorecon -R -v /var/lib/spamassassin
>>
Vadym, can you create a patch for them to add a restorecon after they create the libraries?
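
The workaround discussed in this thread (run `restorecon -R` after sa-compile writes the libraries), sketched as a cron wrapper. This is an added example, not code from sa-compile, the Fedora package, or either poster; the function names, the overridable `SA_COMPILE`/`RESTORECON`/`COMPILED_DIR` variables and the return codes are assumptions, and the directory is taken from the path in the AVC record above.

```shell
#!/bin/sh
# Added example: cron wrapper around sa-compile. Not part of SpamAssassin
# or the Fedora package; names below are assumptions for illustration.
COMPILED_DIR="${COMPILED_DIR:-/var/lib/spamassassin/compiled}"  # from the AVC path
SA_COMPILE="${SA_COMPILE:-sa-compile}"
RESTORECON="${RESTORECON:-restorecon}"

# Run sa-compile, reset the labels on what it wrote, then confirm nothing
# is left that differs from the policy default.
# Returns 0 = clean, 1 = sa-compile failed, 2 = relabel failed or incomplete.
compile_and_relabel() {
    dir="${1:-$COMPILED_DIR}"
    "$SA_COMPILE" >/dev/null || return 1
    "$RESTORECON" -R "$dir" || return 2
    # -n reports what would change without changing it; any output here
    # means a file still carries the wrong type.
    left=$("$RESTORECON" -R -n -v "$dir" 2>/dev/null) || return 2
    if [ -n "$left" ]; then
        printf 'still mislabeled after restorecon:\n%s\n' "$left" >&2
        return 2
    fi
    return 0
}

# Read audit records on stdin and print each distinct path under
# COMPILED_DIR for which spamd_t was denied 'execute'.
denied_exec_paths() {
    awk -v dir="$COMPILED_DIR/" '
        /avc: *denied/ && / execute / && /scontext=[^ ]*:spamd_t:/ {
            if (match($0, /path="[^"]*"/)) {
                p = substr($0, RSTART + 6, RLENGTH - 7)
                if (index(p, dir) == 1 && !seen[p]++) print p
            }
        }'
}

# From cron:  compile_and_relabel || logger -t sa-compile "relabel check failed"
# Afterwards: ausearch -m avc -ts recent | denied_exec_paths
```

If `denied_exec_paths` still prints paths after a clean `compile_and_relabel`, the file context rule for the compiled directory is not the one being applied and the policy itself needs another look.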