[Mimedefang] Selinux AVC's with F25
Philip Prindeville
philipp_subx at redfish-solutions.com
Mon Feb 13 12:26:34 EST 2017
[Putting Robert on Bcc…]
I upgraded recently to F25 from F24. I had configured my MDF service in systemd as stock.
No changes were made to MDF concurrent to the upgrade.
Now I’m seeing a bunch of:
type=AVC msg=audit(1487004730.889:2463): avc: denied { read } for pid=24701 comm="mimedefang.pl" name="razor-agent.log" dev="sda6" ino=9306726 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=lnk_file permissive=0
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
There’s a symlink with that path on my system:
lrwxrwxrwx. 1 defang defang system_u:object_r:spamd_var_run_t:s0 9 Dec 14 2011 /var/spool/MIMEDefang/.razor/razor-agent.log -> /dev/null
and I see it being created via the temp files at startup:
/usr/lib/tmpfiles.d/mimedefang.conf:d /var/spool/MIMEDefang/.razor 0750 defang defang - -
/usr/lib/tmpfiles.d/mimedefang.conf:L+ /var/spool/MIMEDefang/.razor/razor-agent.log - - - - /dev/null
The file is accessed in Razor2::Client::Config, which is pulled into MDF via SpamAssassin which has:
loadplugin Mail::SpamAssassin::Plugin::Razor2
in it.
So, not really sure what the point of a log file pointing at /dev/null would be or why MDF is responsible for creating it given that it’s SpamAssassin that ends up scribbling on it, etc. Why not skip creating the file, and not write at all if you can’t open it because it doesn’t exist...
Anyone know what the fix for this is?
Thanks,
-Philip
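The denial quoted above is the input audit2allow works from: it reads the AVC record, takes the type out of scontext and tcontext, and emits an allow rule for that (source type, target type, class, permission) tuple. The script below is an added example, not part of the post and not the real audit2allow: a small parser that turns AVC records into the same .te module layout audit2allow produces, so you can see exactly what the generated policy would grant before loading it. The sample log is constructed here; its first line is the record from the post, the second AVC line and the SYSCALL line are made up to show permission merging and non-AVC records being skipped.

```python
"""Parse SELinux AVC denial records and render the minimal TE allow rules
they imply, in the layout `audit2allow -M` uses.  Hand-rolled illustration;
it is not audit2allow and does not consult the loaded policy."""
import re
from collections import defaultdict

# Constructed sample input.  Line 1 is the record quoted in the post; the
# second AVC record and the SYSCALL record are invented for this example.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1487004730.889:2463): avc:  denied  { read } for  pid=24701 comm="mimedefang.pl" name="razor-agent.log" dev="sda6" ino=9306726 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=lnk_file permissive=0
type=AVC msg=audit(1487004731.001:2464): avc:  denied  { getattr } for  pid=24701 comm="mimedefang.pl" name="razor-agent.log" dev="sda6" ino=9306726 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=lnk_file permissive=0
type=SYSCALL msg=audit(1487004730.889:2463): arch=c000003e syscall=2 success=no exit=-13
"""

# "type=AVC ... avc:  denied  { read getattr } for  key=value key="quoted" ..."
AVC_RE = re.compile(
    r"^type=AVC\b.*?\bavc:\s+(?P<verdict>denied|granted)\s+"
    r"\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None for any other audit line."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    for key in ("scontext", "tcontext", "tclass"):
        if key not in fields:
            return None  # truncated record: refuse to guess a rule from it
    return {
        "verdict": m.group("verdict"),
        "perms": tuple(sorted(m.group("perms").split())),
        # A context is user:role:type:level; the TE rule only needs the type.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        # permissive=0 means the domain was enforcing, so the access failed.
        "enforcing": fields.get("permissive", "0") == "0",
        "comm": fields.get("comm"),
        "name": fields.get("name"),
    }


def collect_rules(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["verdict"] == "denied":
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            rules[key].update(rec["perms"])
    return dict(rules)


def fmt_perms(perms):
    """Single permission bare, several in braces, as policy syntax wants."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"


def render_te_module(name, rules, version="1.0"):
    """Render a loadable-module .te source: header, require block, allow rules."""
    types = sorted({s for s, _, _ in rules} | {t for _, t, _ in rules})
    class_perms = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        class_perms[cls].update(perms)
    lines = [f"module {name} {version};", "", "require {"]
    lines += [f"    type {t};" for t in types]
    for cls, perms in sorted(class_perms.items()):
        lines.append(f"    class {cls} {fmt_perms(perms)};")
    lines += ["}", ""]
    for (src, tgt, cls), perms in sorted(rules.items()):
        lines.append(f"allow {src} {tgt}:{cls} {fmt_perms(perms)};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_te_module("mdf_razor_log", collect_rules(SAMPLE_AUDIT_LOG)))
```

For the record in the post this yields `allow spamd_t spamd_var_run_t:lnk_file read;`, which is what audit2allow would put in the module; the real workflow is `audit2allow -M mdf_razor_log < avc.log` (or `checkmodule -M -m -o mdf_razor_log.mod mdf_razor_log.te`, `semodule_package -o mdf_razor_log.pp -m mdf_razor_log.mod`, `semodule -i mdf_razor_log.pp` on a hand-written .te). Read the generated rule before loading it: it grants exactly the access that was denied, which is only the right fix if spamd_t legitimately should read objects labelled spamd_var_run_t; the alternatives are relabelling the symlink or, as the poster suggests, not creating it at all.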