On 28 Nov 2017, at 12:15, Colony.three wrote:
[...]
My God. It's full of stars!
This fixed the spamass-milter problem. And it seems to be the correct
way to fix the hundreds of other SELinux errors I have.
You take this box, and put it through a magic tunnel and see if it
looks right.
>> First, copy and paste lines from the log into a file called thing0.log where
>> thing is a mnemonic name for what you're trying to enable. In this example,
>> thing is smartd
>>
>> root# cd; mkdir selinux; cd selinux
>> root# cat > smartd0.log
>> type=AVC msg=audit(1425551687.181:491): avc:
>> On 11/27/2017 10:34 PM, Colony.three wrote:
>>
ExecStartPre=/bin/chown -R spamd:spamd /run/spamassassin
There's a root exploit for the "spamd" user in that last line. Assuming
you got the tmpfiles.d thing working, you should delete those
ExecStartPre commands.
>>>
>>>
On 11/27/2017 10:34 PM, Colony.three wrote:
ExecStartPre=/bin/chown -R spamd:spamd /run/spamassassin
There's a root exploit for the "spamd" user in that last line. Assuming
you got the tmpfiles.d thing working, you should delete those
ExecStartPre commands.
Can you explain further please?
On 11/27/2017 10:34 PM, Colony.three wrote:
>> ExecStartPre=/bin/chown -R spamd:spamd /run/spamassassin
>>
>> There's a root exploit for the "spamd" user in that last line. Assuming
>> you got the tmpfiles.d thing working, you should delete those
>> ExecStartPre commands.
>
> Can you explain
>I am really trying to not turn off SELinux with this server, and only have
>this one showstopper error. But I don't know what to do with this gibberish:
Here's an extract from a page I wrote about SELinux (not currently published,
or I could just send you the link).
--->8---
This is where
On 27 Nov 2017, at 22:45 (-0500), Colony.three wrote:
>> Is anyone using the unix:socket for spamaassassin's milter?
>> When I turned on SELinux, it will not let me change the group of the
>> spamass-milter socket. (/run/spamass-milter/postfix/sock)
>> /var/log/messages
>> spamass-milter: group
On 27 Nov 2017, at 22:45 (-0500), Colony.three wrote:
Is anyone using the unix:socket for spamaassassin's milter?
When I turned on SELinux, it will not let me change the group of the
spamass-milter socket. (/run/spamass-milter/postfix/sock)
/var/log/messages
spamass-milter: group option,
Is anyone using the unix:socket for spamaassassin's milter?
When I turned on SELinux, it will not let me change the group of the
spamass-milter socket. (/run/spamass-milter/postfix/sock)
/var/log/messages
spamass-milter: group option, chown: Operation not permitted
G**gle's baffled how to set
On 11/27/2017 11:53 AM, Colony.three wrote:
>> It simply would not create /run/spamassassin directory on boot. It is
>> supposed to create it automatically like clamd does, since /run is wiped
>> at each boot. To make it work I finally had to add:
>> ExecStartPre=/usr/bin/mkdir
On 11/27/2017 11:53 AM, Colony.three wrote:
>
> It simply would not create /run/spamassassin directory on boot. It is
> supposed to create it automatically like clamd does, since /run is wiped
> at each boot. To make it work I finally had to add:
> ExecStartPre=/usr/bin/mkdir /run/spamassassin
On Mon, 27 Nov 2017, sha...@shanew.net wrote:
I wonder if it's worth adding a note to the wiki, or even the
--socketpath section of the spamd man-page?
*That* would be something the SA team *could* do...
I'd be happy to do the commit if someone could provide some text.
On Mon, 27 Nov
> sha...@shanew.net kirjoitti 27.11.2017 kello 20.32:
>
> or what it's worth, there's no
> tmpfiles.d entry on my Ubuntu or Gentoo systems (Gentoo does its
> thing in the init script).
Debian (well, Raspbian for me) does have it. Apparently Ubuntu has removed it!
signature.asc
Description:
tmpfiles.d became a thing when /run became a temporary filesystem, so
it is relatively new. And most of the time packages install the
necessary files in /usr/lib/tmpfiles.d, so admins may have never run up
against this issue since it became a thing.
As John says, you can file a bug report with
On Mon, 27 Nov 2017, Colony.three wrote:
I suspect you need an entry in /etc/tmpfiles.d so that directory gets
created at boot time.
Indeed there is no tmpfiles in the spamassassin package. (I've never heard of
this in 22 years) How can this be, in the 21st Century? As I'd suspected,
I suspect you need an entry in /etc/tmpfiles.d so that directory gets
> created at boot time.
>
> Google tmpfiles.d or see this redhat blog page:
> https://developers.redhat.com/blog/2016/09/20/managing-temporary-files-with-systemd-tmpfiles-on-rhel7/
Indeed there is no tmpfiles in the
I suspect you need an entry in /etc/tmpfiles.d so that directory gets
created at boot time.
Google tmpfiles.d or see this redhat blog page:
https://developers.redhat.com/blog/2016/09/20/managing-temporary-files-with-systemd-tmpfiles-on-rhel7/
On Mon, 27 Nov 2017, Colony.three wrote:
I have
I have fought with this for days, and finally had to hotwire it. But I'd like
to understand what's going on.
RHEL7 with spamassassin 3.4.0 and spamass-milter-postfix 0.4.0.
/etc/sysconfig/spamassassin
SPAMDOPTIONS="--daemonize --create-prefs --max-children=5 --username=spamd
18 matches
Mail list logo
