[Mimedefang] Selinux AVC's with F25

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Feb 13 12:26:34 EST 2017

[Putting Robert on Bcc…]

I upgraded recently to F25 from F24.  I had configured my MDF service in systemd as stock.

No changes were made to MDF concurrent to the upgrade.

Now I’m seeing a bunch of:

type=AVC msg=audit(1487004730.889:2463): avc:  denied  { read } for  pid=24701 comm="mimedefang.pl" name="razor-agent.log" dev="sda6" ino=9306726 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=lnk_file permissive=0

	Was caused by:
		Missing type enforcement (TE) allow rule.

		You can use audit2allow to generate a loadable module to allow this access.

There’s a symlink with that path on my system:

lrwxrwxrwx. 1 defang defang system_u:object_r:spamd_var_run_t:s0 9 Dec 14  2011 /var/spool/MIMEDefang/.razor/razor-agent.log -> /dev/null

and I see it being created via the temp files at startup:

/usr/lib/tmpfiles.d/mimedefang.conf:d /var/spool/MIMEDefang/.razor 0750 defang defang - -
/usr/lib/tmpfiles.d/mimedefang.conf:L+ /var/spool/MIMEDefang/.razor/razor-agent.log - - - - /dev/null

The file is accessed in Razor2::Client::Config, which is pulled into MDF via SpamAssassin which has:

loadplugin Mail::SpamAssassin::Plugin::Razor2

in it.

So, not really sure what the point of a log file pointing at /dev/null would be or why MDF is responsible for creating it given that it’s SpamAssassin that ends up scribbling on it, etc.  Why not skip creating the file, and not write at all if you can’t open it because it doesn’t exist...

Anyone know what the fix for this is?
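As an added example (not code from the post or from the MIMEDefang project), here is a small Python triage script for an AVC denial like the one above: it parses the audit line into its fields, pulls the source and target types out of the contexts, cross-checks the denied object name against the `L`/`L+` symlink entries of a tmpfiles.d fragment (which is why the denied class is `lnk_file`, the read is on the symlink itself), and prints the single TE allow rule that would permit exactly this access, in the same shape audit2allow would emit, so you can judge how narrow it is before loading anything. The sample AVC line and tmpfiles.d entries are copied from the post (the grep filename prefix stripped); `triage()`, `parse_avc()` and the other names are this example's own.

```python
"""Triage a SELinux AVC denial: parse the audit line, cross-check the denied
object against tmpfiles.d(5) symlink entries, and show the minimal TE rule.
Added example; the inputs below are the lines quoted in the post."""
import os
import re

# Sample input (from the post): the AVC denial as logged by auditd.
AVC_LINE = (
    'type=AVC msg=audit(1487004730.889:2463): avc:  denied  { read } for  pid=24701 '
    'comm="mimedefang.pl" name="razor-agent.log" dev="sda6" ino=9306726 '
    'scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 '
    'tclass=lnk_file permissive=0'
)

# Sample input (from the post): the two tmpfiles.d entries, without the grep prefix.
TMPFILES_CONF = """\
d  /var/spool/MIMEDefang/.razor 0750 defang defang - -
L+ /var/spool/MIMEDefang/.razor/razor-agent.log - - - - /dev/null
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the AVC fields (perms as a list), or None if not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    return rec


def context_type(ctx):
    """Type component of a user:role:type:level security context."""
    return ctx.split(":")[2]


def allow_rule(rec):
    """The TE allow rule covering exactly this denial (same shape audit2allow produces)."""
    return "allow %s %s:%s { %s };" % (
        context_type(rec["scontext"]), context_type(rec["tcontext"]),
        rec["tclass"], " ".join(rec["perms"]))


def tmpfiles_symlinks(conf):
    """Map symlink path -> target for every L / L+ entry in a tmpfiles.d fragment."""
    links = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        # Layout: Type Path Mode User Group Age Argument; for L/L+ the argument is the link target.
        if parts[0] in ("L", "L+") and len(parts) >= 7:
            links[parts[1]] = parts[6]
    return links


def triage(line, conf):
    """Summarise one AVC line: who was denied what, whether it was enforced,
    which tmpfiles.d symlink (if any) the object name matches, and the rule."""
    rec = parse_avc(line)
    if rec is None:
        return None
    links = tmpfiles_symlinks(conf)
    matches = [p for p in links if os.path.basename(p) == rec.get("name")]
    return {
        "process": rec.get("comm"),
        "domain": context_type(rec["scontext"]),
        "target_type": context_type(rec["tcontext"]),
        "tclass": rec["tclass"],
        "perms": rec["perms"],
        "enforced": rec.get("permissive") == "0",
        "tmpfiles_symlinks": {p: links[p] for p in matches},
        "rule": allow_rule(rec),
    }


if __name__ == "__main__":
    for key, val in triage(AVC_LINE, TMPFILES_CONF).items():
        print("%-18s %s" % (key, val))
```

For the line in the post this reports `spamd_t` reading a `spamd_var_run_t` symlink in enforcing mode, matches the name to the `L+` entry pointing at `/dev/null`, and prints `allow spamd_t spamd_var_run_t:lnk_file { read };`. Seeing the rule spelled out makes the trade-off concrete: it is narrow (one domain, one type, one class, one permission), but it is still a policy change, and the alternative the post raises of simply not creating the symlink would avoid the access altogether.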
