On Mon, Feb 02, 2009 at 05:34:47PM +0100, Dominick Grift wrote:
I think, but not sure, that your home space is mislabeled ( especially pyzor_home_t). if my memory serves me correct then labeling for that location has recently changes. It seems that setroubleshoot hasnt been updated to reflect this change yet.
to fix, restorecon -R -v /home, might fix this issue.
hth
Thanks for that suggestion. I tried it, and there were indeed some files that got relabelled - but not the pyzor ones. Do you think that the ones that did are significant in this issue? (Output listed below).
I have already created a local policy using audit2allow and this produced the following:
require { type user_pyzor_home_t; type spamd_t; class file { read getattr }; }
#============= spamd_t ============== allow spamd_t user_pyzor_home_t:file { read getattr };
Do you think I still need this local policy?
Thanks for your help...
Mark
Output of the relabelling (apologies for the line-wrap)...
restorecon -R -v /home restorecon reset /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecrm1200.600pk context unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0 restorecon reset /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ectt1000.600pk context unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0 restorecon reset /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecbx1200.600pk context unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0 restorecon reset /home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecrm1000.600pk context unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0 restorecon reset /home/mark/.spamassassin context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.spamassassin/bayes_toks.expire2474 context system_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.spamassassin/bayes_journal context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.spamassassin/bayes.lock.troodos.org.uk.20547 context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.spamassassin/user_prefs context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.spamassassin/bayes.lock.troodos.org.uk.23935 context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.spamassassin/bayes_seen context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.spamassassin/bayes_toks context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0 restorecon reset /home/mark/.Xauthority context unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_xauth_home_t:s0