Bob Richmond wrote:
> I'm trying to make spamd listen on a unix domain socket, and let spamc connect to it. The question is, I can't figure out the intended destination for the spamd socket file (as specified via --socketpath passed to spamd and -U to spamc). I see that spamc_t has permission to connect to a socket with a type of spamd_tmp_t, but there doesn't appear to be an fc rule for where a new socket file would inherit that type.
> It makes sense to me that the socket file should exist in /var/run/spamassassin/spamd.sock to be consistent, but /var/run/spamassassin has a type of spamd_var_run_t, where spamc has no permission to connect to a sock_file under. Any help?
> I'm running F10, policy version selinux-policy-targeted-3.5.13-18.fc10.
> Thanks!
Currently it is only allowed to connect to a sock file in /tmp, although it should be allowed to use /var/run/spamassassin.
I will update policy.
You can add these rules for now using:
# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Fixed in selinux-policy-3.5.13-29.fc10
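
Added example, not part of the original post: `grep avc` passes every denial in the audit log to audit2allow, so the resulting module can allow more than the spamc socket access discussed here. The sketch below keeps only denials from spamc_t against spamd_var_run_t and summarises what a module built from them would grant. The function names are hypothetical and the audit records are constructed samples.

```shell
#!/bin/sh
# Added example: narrow the AVC records fed to audit2allow to the
# spamc_t -> spamd_var_run_t case before building a local module.

# Constructed sample audit records (not taken from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1230000000.101:41): avc:  denied  { write } for  pid=2101 comm="spamc" name="spamd.sock" dev=dm-0 ino=1201 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1230000000.102:42): avc:  denied  { search } for  pid=2101 comm="spamc" name="spamassassin" dev=dm-0 ino=1200 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1230000000.250:43): avc:  denied  { read } for  pid=3300 comm="httpd" name="notes.txt" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1230000000.300:44): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
EOF
}

# Keep only denials whose source domain is spamc_t and whose target
# type is spamd_var_run_t; unrelated denials and "granted" records drop out.
filter_spamc_avcs() {
    awk '/avc:/ && / denied / &&
         /scontext=[^ ]*:spamc_t:/ &&
         /tcontext=[^ ]*:spamd_var_run_t:/'
}

# Reduce each record to "tclass permissions" so the scope of the
# module can be reviewed before it is built and loaded.
summarise() {
    sed -n 's/.*denied  *{ \([^}]*\) } .*tclass=\([a-z_]*\).*/\2 \1/p' | sort -u
}

# Stand-alone run over the constructed sample.
sample_log | filter_spamc_avcs | summarise
```

On a real system the filter would sit in front of audit2allow: `filter_spamc_avcs < /var/log/audit/audit.log | audit2allow -M mypol`.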