selinux denying spamd write access to its own user home dir

Gene Heskett gene.heskett at verizon.net
Wed Nov 19 18:00:18 UTC 2008


Greetings;

Just recovering from a drive failure, and just now managed to get enough perl 
deps installed to run spamassassin.

I modified the spamassassin script in /etc/init.d to run it as the same user 
that fetches the mail, also fixed the spamassassin in /etc/sysconfig to 
match, and according to htop, the spamd's are running as that user.

But, selinux is still having a cow for every incoming message.
=========
Source Context:  system_u:system_r:spamd_t:s0
Target Context:  system_u:object_r:home_root_t:s0
Target Objects:  ./user_prefs [ file ]
===temp end of snip

From that, here is that file:
[root@coyote .spamassassin]# ls -l user_prefs
-rw-r--r-- 1 gene gene 1164 2006-01-16 13:45 user_prefs
[root@coyote .spamassassin]# ls -l --context user_prefs
-rw-r--r--  gene gene system_u:object_r:home_root_t:s0 user_prefs

===back to troubleshooter output

host=coyote.coyote.den type=AVC msg=audit(1227116423.127:797): avc: denied { 
write } for pid=7118 comm="spamd" name="user_prefs" dev=sda3 ino=74942440 
scontext=system_u:system_r:spamd_t:s0 
tcontext=system_u:object_r:home_root_t:s0 tclass=file

host=coyote.coyote.den type=SYSCALL msg=audit(1227116423.127:797): 
arch=40000003 syscall=5 success=no exit=-13 a0=9a83590 a1=8241 a2=1b6 a3=8241 
items=0 ppid=7116 pid=7118 auid=0 uid=501 gid=501 euid=501 suid=501 fsuid=501 
egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="spamd" exe="/usr/bin/perl" 
subj=system_u:system_r:spamd_t:s0 key=(null) 
=========
Secondary Q: when are we going to be able to copy & paste from the 
selinuxtroubleshooter screen and preserve the ^%$*^%$( formatting?

I have performed the troubleshooter recommended fix:

setsebool -P spamd_enable_home_dirs=1

and restarted spamassassin several times.

Perms or context problem with the /home dirs?

A bug?

Or I need to do an autorelabel?

The /home dirs, FWIW, were copied from another drive by mc & then 'chown -R 
user:user' when the copy was finished which may not have been the correct 
thing to do AFAIK.  But it was the only way I could preserve an email corpus 
that is in the 10Gb area for size.

There are no entries for spamassassin or spamd in /etc/group that I could use 
to make that file a member of.

Fix please?

Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
"Truth never comes into the world but like a bastard, to the ignominy
of him that brought her birth."
-- Milton
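
The AVC and SYSCALL records quoted in the message carry the same event ID (1227116423.127:797), so they describe one denied call. The following is an added example, not part of the original post: a Python sketch that joins the two records and decodes the SYSCALL arguments. The helper names and the i386 flag table are supplied here; the record text is the post's own with the mail line wraps rejoined.

```python
import errno
import re

RECORDS = [  # the post's two audit records, mail line wraps rejoined
    'host=coyote.coyote.den type=AVC msg=audit(1227116423.127:797): avc: denied { write } '
    'for pid=7118 comm="spamd" name="user_prefs" dev=sda3 ino=74942440 '
    'scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file',
    'host=coyote.coyote.den type=SYSCALL msg=audit(1227116423.127:797): arch=40000003 syscall=5 '
    'success=no exit=-13 a0=9a83590 a1=8241 a2=1b6 a3=8241 items=0 ppid=7116 pid=7118 auid=0 '
    'uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 '
    'comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)',
]

EVENT = re.compile(r'msg=audit\(([\d.]+:\d+)\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
ACCESS = {0: 'O_RDONLY', 1: 'O_WRONLY', 2: 'O_RDWR'}
FLAGS = {0o100: 'O_CREAT', 0o1000: 'O_TRUNC', 0o2000: 'O_APPEND',
         0o100000: 'O_LARGEFILE'}  # open(2) flag bits on i386 (arch=40000003)

def parse(line):
    """Split one audit record into key=value fields plus event ID and perms."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec['event'] = EVENT.search(line).group(1)
    perms = PERMS.search(line)
    rec['perms'] = perms.group(1).split() if perms else []
    return rec

def summarize(lines):
    """Join AVC and SYSCALL records that share an event ID and decode them."""
    events = {}
    for rec in map(parse, lines):
        events.setdefault(rec['event'], {})[rec['type']] = rec
    rows = []
    for event, recs in events.items():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL')
        if avc is None:
            continue
        row = {'event': event, 'perms': avc['perms'], 'name': avc['name'],
               'source_type': avc['scontext'].split(':')[2],
               'target_type': avc['tcontext'].split(':')[2]}
        if sc and (sc['arch'], sc['syscall']) == ('40000003', '5'):  # i386 open(2)
            flags = int(sc['a1'], 16)  # audit prints syscall arguments in hex
            row['open_flags'] = [ACCESS.get(flags & 3, '?')] + [
                n for bit, n in FLAGS.items() if flags & bit]
            row['mode'] = oct(int(sc['a2'], 16))
            row['errno'] = errno.errorcode[-int(sc['exit'])]
        rows.append(row)
    return rows
```

For the post's records, `summarize(RECORDS)` reports an open(2) with O_WRONLY, O_CREAT and O_TRUNC and mode 0666 that failed with EACCES, against a target labelled home_root_t, the same label `ls --context` shows for user_prefs.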



