Anyone else using F13 or F14 with SELinux set to enforcing mode?

I tried this and had to set it to permissive...

I was seeing the following:


type=AVC msg=audit(1288040380.964:21719): avc:  denied  { connectto } for  pid=1955 
comm="sendmail" path="/var/spool/MIMEDefang/mimedefang.sock" 
scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 
tclass=unix_stream_socket

    Was caused by:
        Missing type enforcement (TE) allow rule.

        You can use audit2allow to generate a loadable module to allow this 
access.

type=AVC msg=audit(1288040873.720:21726): avc:  denied  { execute_no_trans } for  pid=2221 
comm="mimedefang.pl" path="/usr/sbin/sendmail.sendmail" dev=sda3 ino=291976 
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file

    Was caused by:
        Missing type enforcement (TE) allow rule.

        You can use audit2allow to generate a loadable module to allow this 
access.




The offending records seem to have been:

type=AVC msg=audit(1288040380.964:21719): avc:  denied  { connectto } for  pid=1955 
comm="sendmail" path="/var/spool/MIMEDefang/mimedefang.sock" 
scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 
tclass=unix_stream_socket
type=AVC msg=audit(1288040873.720:21726): avc:  denied  { execute_no_trans } for  pid=2221 
comm="mimedefang.pl" path="/usr/sbin/sendmail.sendmail" dev=sda3 ino=291976 
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file




Oh, and it was pointed out that the .sock and .pid files should be going into 
/var/run and not /var/spool.

Looking at config.in:

dnl Allow specification of spool dir
AC_ARG_WITH(spooldir,
[  --with-spooldir=DIR     specify location of spool directory
                          (/var/spool/MIMEDefang)],
        SPOOLDIR=$with_spooldir, SPOOLDIR=/var/spool/MIMEDefang)


This could easily be changed, but then it should probably be renamed too.

-Philip

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
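
Added example, not part of the original message and not audit2allow's own code: a small Python sketch that rejoins the mail-wrapped AVC records quoted above and derives the type enforcement allow rules they imply, which is the mapping audit2allow performs. The function names (`unwrap`, `parse_avc`, `te_rules`) are hypothetical, and the sample input is constructed from the two denials in the message.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the message, wrapped the way the mail client left them.
SAMPLE = """\
type=AVC msg=audit(1288040380.964:21719): avc:  denied  { connectto } for  pid=1955
comm="sendmail" path="/var/spool/MIMEDefang/mimedefang.sock"
scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=AVC msg=audit(1288040873.720:21726): avc:  denied  { execute_no_trans } for  pid=2221
comm="mimedefang.pl" path="/usr/sbin/sendmail.sendmail" dev=sda3 ino=291976
scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file
"""
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin wrapped audit records; a new record starts with 'type='."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("type="):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def parse_avc(record):
    """Return ((source_type, target_type, class), [perms]) or None for non-AVC records."""
    m = AVC_RE.search(record)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(record)}
    if not m or not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type:level, so the type is the third field.
    stype, ttype = (fields[k].split(":")[2] for k in ("scontext", "tcontext"))
    return (stype, ttype, fields["tclass"]), m.group(1).split()

def te_rules(text):
    """Merge denials per (source, target, class) and emit one allow rule each."""
    grouped = defaultdict(set)
    for rec in unwrap(text):
        parsed = parse_avc(rec)
        if parsed:
            grouped[parsed[0]].update(parsed[1])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    print("\n".join(te_rules(SAMPLE)))
```

The first rule this yields targets `initrc_t`, the generic init-script domain, so loading it as-is lets `sendmail_t` connect to the stream socket of any daemon still running in that domain, not only MIMEDefang's.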