On 07/11/2009 08:06 AM, Vadym Chepkov wrote:
spamassassin rules got updated recently and I got this avc
type=AVC msg=audit(1247216252.200:31900): avc: denied { execute } for pid=24001 comm="spamd" path="/var/lib/spamassassin/compiled/5.010/3.002005/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so" dev=dm-3 ino=124989 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_lib_t:s0 tclass=file
audit2allow suggests this #============= spamd_t ============== allow spamd_t spamd_var_lib_t:file execute; seems reasonable, but why is it missing in standard policy?
Sincerely yours, Vadym Chepkov
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Vadym, What puts the files in this directory? Are they all shared libraries?
One solution would be to label this directory
# semanage fcontext -a -t lib_t '/var/lib/spamassassin/compiled(/.*)?' # restorecon -R -v /var/lib/spamassassin