Anyone else using F13 or F14 with SELinux set to enforcing mode?
I tried this and had to set it to permissive...
I was seeing the following:
type=AVC msg=audit(1288040380.964:21719): avc: denied { connectto } for pid=1955
comm="sendmail" path="/var/spool/MIMEDefang/mimedefang.sock"
scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this
access.
type=AVC msg=audit(1288040873.720:21726): avc: denied { execute_no_trans } for pid=2221
comm="mimedefang.pl" path="/usr/sbin/sendmail.sendmail" dev=sda3 ino=291976
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this
access.
The offending records seem to have been:
type=AVC msg=audit(1288040380.964:21719): avc: denied { connectto } for pid=1955
comm="sendmail" path="/var/spool/MIMEDefang/mimedefang.sock"
scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=AVC msg=audit(1288040873.720:21726): avc: denied { execute_no_trans } for pid=2221
comm="mimedefang.pl" path="/usr/sbin/sendmail.sendmail" dev=sda3 ino=291976
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file
Oh, and it was pointed out that the .sock and .pid files should be going into
/var/run and not /var/spool.
Looking at config.in:
dnl Allow specification of spool dir
AC_ARG_WITH(spooldir,
[ --with-spooldir=DIR specify location of spool directory
(/var/spool/MIMEDefang)],
SPOOLDIR=$with_spooldir, SPOOLDIR=/var/spool/MIMEDefang)
This could easily be changed, but then it should probably be renamed too.
-Philip
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang