LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page SELinux vs. spamassassin
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-17-2007, 04:14 PM   #1
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Rep: Reputation: 15
Question SELinux vs. spamassassin

Operating system: Scientific Linux 5 (a clone of Red Hat Enterprise 5), fully updated

I don't really understand SELinux. As far as I can tell, it has prevented me from doing some things that I want to do, but I haven't seen it block a real threat yet. I'm using it as installed with the O/S, set to permissive mode. It's filling up the log file with messages like
Quote:
Jul 15 04:02:10 hostname setroubleshoot: SELinux is preventing the spamassassin from using potentially mislabeled files (.spamassassin8228JHeKs1tmp).
For complete SELinux messages. run sealert -l 90f3574b-2d67-4d61-af41-3a1a282b716f
Here's what the sealert report says:
Quote:
# sealert -l 90f3574b-2d67-4d61-af41-3a1a282b716f
Summary
SELinux is preventing the spamassassin from using potentially mislabeled
files (.spamassassin8228JHeKs1tmp).

Detailed Description
SELinux has denied spamassassin access to potentially mislabeled file(s)
(.spamassassin8228JHeKs1tmp). This means that SELinux will not allow
spamassassin to use these files. It is common for users to edit files in
their home directory or tmp directories and then move (mv) them to system
directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.

Allowing Access
If you want spamassassin to access this files, you need to relabel them
using restorecon -v .spamassassin8228JHeKs1tmp. You might want to relabel
the entire directory using restorecon -R -v .

Additional Information

Source Context system_u:system_r:procmail_t
Target Context system_u:object_r:tmp_t
Target Objects .spamassassin8228JHeKs1tmp [ file ]
Affected RPM Packages
Policy RPM selinux-policy-2.4.6-30.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.home_tmp_bad_labels
Host Name hostname.domain
Platform Linux hostname.domain 2.6.18-8.1.6.el5 #1 SMP
Thu Jun 14 16:07:18 EDT 2007 x86_64 x86_64
Alert Count 1
Line Numbers

Raw Audit Messages

avc: denied { create } for comm="spamassassin" dev=cciss/c0d0p2 egid=500
euid=500 exe="/usr/bin/perl" exit=3 fsgid=500 fsuid=500 gid=500 items=0
name=".spamassassin8228JHeKs1tmp" pid=8228
scontext=system_u:system_r:procmail_t:s0 sgid=500
subj=system_u:system_r:procmail_t:s0 suid=500 tclass=file
tcontext=system_u:object_r:tmp_t:s0 tty=(none) uid=500
It does no good to run restorecon on the file, since it uses a different file name each time. I have tried restorecon on my home directory and /tmp with no apparent effect. (I'm not sure where it's trying to create the file.)

Is there a way to convince SELinux not to do this? Please be gentle.
 
Old 07-17-2007, 05:15 PM   #2
thorn168
Member
 
Registered: Oct 2004
Location: USA
Distribution: Vector Linux 5.1 Std., Vector Linux 5.8 Std., Win2k, XP, OS X (10.4 & 10.5)
Posts: 344

Rep: Reputation: 42
This link may help with your question

http://www.nsa.gov/selinux/info/faq.cfm

and this http://www.nsa.gov/selinux/info/docs.cfm
Last edited by thorn168; 07-17-2007 at 05:16 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"../system.h :selinux/selinux.h:no such file or directory" ashmita04 Linux From Scratch 4 02-05-2009 03:36 AM
SELinux resende Linux - Kernel 0 12-25-2006 04:35 PM
what is selinux? mesh2005 Linux - General 2 01-04-2006 11:33 AM
SELinux winxshadi76 Linux - Newbie 1 12-03-2004 11:04 AM
spamassassin w/ procmail vs. spamassassin w/sendmail bleunuit Linux - Networking 1 08-01-2004 07:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:45 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration