Procmail, Spamassassin, and /etc/shadow
Stephen Smalley
sds at tycho.nsa.gov
Thu Aug 17 11:47:17 UTC 2006
On Wed, 2006-08-16 at 21:38 -0700, Charles A. Crayne wrote:
> With a fully updated FC5 targeted policy, in permissive mode, while sorting
> incoming mail, procmail invokes spamassassin, which wants read and getattr
> permission for file /etc/shadow. I used audit2allow to create an allow
> rule for these cases, but the resulting local.pp module will not load,
> because it triggers an assert rule.
>
> What is the recommended resolution to this issue?
Odds are good that it doesn't truly need those permissions, so use a
dontaudit rule instead of an allow rule, and see if it works then in
enforcing mode. The dontaudit rule will just suppress the audit message
without allowing it to happen.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list