Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1378164
Summary: | spamassassin triggers selinux alert | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | dan |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 25 | CC: | dominick.grift, dwalsh, jjelen, kevin, lvrabec, mgrepl, nb, plautrba, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-225.3.fc25 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-12-12 23:58:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
dan
2016-09-21 17:01:10 UTC
Yeah, this is fallout from adding a dep on perl-Razor-Agent... Hopefully we can adjust policy to allow this. :) Moving to selinux-policy for comment. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. Any way we can move this forward? I am willing to provide any additional info required. Dan, Could you reproduce this issue and then attach raw AVC msgs? Steps: 1. reproduce issue 2. # ausearch -m AVC,USER_AVC -ts recent Thanks. time->Mon Nov 7 15:41:36 2016 type=AVC msg=audit(1478551296.828:5773): avc: denied { getattr } for pid=3173 comm="spamd" path="/var/spool/spamassassin/.razor/identity" dev="dm-0" ino=7471138 scontext=system_u:system_r:spamd_t:s0 tcontext=unconfined_u:object_r:spamd_spool_t:s0 tclass=lnk_file permissive=0 Here's another, slightly different string for comm= time->Mon Nov 7 15:43:52 2016 type=AVC msg=audit(1478551432.066:5774): avc: denied { getattr } for pid=3182 comm=7370616D64206368696C64 path="/var/spool/spamassassin/.razor/identity" dev="dm-0" ino=7471138 scontext=system_u:system_r:spamd_t:s0 tcontext=unconfined_u:object_r:spamd_spool_t:s0 tclass=lnk_file permissive=0 Exists in FC25. Identity was symlink to actual identity-something file...removed symlink, now working with policy 3.13.1-225.1. selinux-policy-3.13.1-225.3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f24b3ddc6a selinux-policy-3.13.1-225.3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f24b3ddc6a selinux-policy-3.13.1-225.3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. |