Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: procmail is not allowed to talk to spamassassin: msg#00163
|
Subject: |
Re: procmail is not allowed to talk to spamassassin |
Le vendredi 28 octobre 2005 à 16:21 -0400, Daniel J Walsh a écrit :
>
> Updated policy on ftp://people.redhat.com/dwalsh/SELinux/Fedora/
>
> Should fix both problems.
Thanks, that was quick. However :
1. the avahi changes need more cooking :
rpm -Uvh selinux-policy-targeted-1.27.2-9.noarch.rpm
Préparation... ###########################################
[100%]
1:selinux-policy-targeted###########################################
[100%]
/etc/selinux/targeted/contexts/files/file_contexts: line 776 has
invalid
context system_u:object_r:avahi_exec_t:s0:s0
/etc/selinux/targeted/contexts/files/file_contexts: line 777 has
invalid
context system_u:object_r:avahi_exec_t:s0:s0
/etc/selinux/targeted/contexts/files/file_contexts: line 778 has
invalid
context system_u:object_r:avahi_var_run_t:s0:s0
/var/lib is already defined in
/etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context.
2. procmail still has trouble invoquing spamc
type=AVC msg=audit(1130531640.621:489): avc: denied { execute } for
pid=6118 comm="procmail" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1130531640.621:489): arch=c000003e syscall=59
success=no exit=-13 a0=51c1a1 a1=51c140 a2=51bf90 a3=51c1a1 items=1
pid=6118 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="procmail" exe="/usr/bin/procmail"
type=CWD msg=audit(1130531640.621:489): cwd="/home/nim/.maildir"
type=PATH msg=audit(1130531640.621:489): item=0 name="/usr/bin/spamc"
flags=101 inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1130531640.625:490): avc: denied { getattr } for
pid=6118 comm="sh" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1130531640.625:490): arch=c000003e syscall=4
success=no exit=-13 a0=6bf780 a1=7fffff877bf0 a2=7fffff877bf0 a3=2
items=1 pid=6118 auid=4294967295 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 comm="sh" exe="/bin/bash"
type=AVC_PATH msg=audit(1130531640.625:490): path="/usr/bin/spamc"
type=CWD msg=audit(1130531640.625:490): cwd="/home/nim/.maildir"
type=PATH msg=audit(1130531640.625:490): item=0 name="/usr/bin/spamc"
flags=1 inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
3. But squirrelmail now works -> the postfix postdrop problem is fixed.
Thank you !
(I'm running with a tail on /var/log/audit/audit.log in a term now)
Regards,
--
Nicolas Mailhot
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
|
| |
