Philip Prindeville
2017-02-13 17:26:34 UTC
[Putting Robert on Bcc…]
I upgraded recently to F25 from F24. I had configured my MDF service in systemd as stock.
No changes were made to MDF concurrent to the upgrade.
Now I’m seeing a bunch of:
type=AVC msg=audit(1487004730.889:2463): avc: denied { read } for pid=24701 comm="mimedefang.pl" name="razor-agent.log" dev="sda6" ino=9306726 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=lnk_file permissive=0
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
There’s a symlink with that path on my system:
lrwxrwxrwx. 1 defang defang system_u:object_r:spamd_var_run_t:s0 9 Dec 14 2011 /var/spool/MIMEDefang/.razor/razor-agent.log -> /dev/null
and I see it being created via the temp files at startup:
/usr/lib/tmpfiles.d/mimedefang.conf:d /var/spool/MIMEDefang/.razor 0750 defang defang - -
/usr/lib/tmpfiles.d/mimedefang.conf:L+ /var/spool/MIMEDefang/.razor/razor-agent.log - - - - /dev/null
The file is accessed in Razor2::Client::Config, which is pulled into MDF via SpamAssassin which has:
loadplugin Mail::SpamAssassin::Plugin::Razor2
in it.
So, not really sure what the point of a log file pointing at /dev/null would be or why MDF is responsible for creating it given that it’s SpamAssassin that ends up scribbling on it, etc. Why not skip creating the file, and not write at all if you can’t open it because it doesn’t exist...
Anyone know what the fix for this is?
Thanks,
-Philip
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpengu
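Added example, not part of the original post and not MIMEDefang, Razor or policy code: a small parser for the AVC record quoted above that derives the type enforcement rule the denial corresponds to, so the rule can be read and reviewed before any module is built with audit2allow. The function names are hypothetical; the sample log is the line from the post.

```python
import re
from collections import defaultdict

# The denial quoted in the post, embedded so the example runs offline.
SAMPLE_LOG = (
    'type=AVC msg=audit(1487004730.889:2463): avc: denied { read } for '
    'pid=24701 comm="mimedefang.pl" name="razor-agent.log" dev="sda6" '
    'ino=9306726 scontext=system_u:system_r:spamd_t:s0 '
    'tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=lnk_file permissive=0\n'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = m.group(1).split()
    return rec


def context_type(ctx):
    """Type field of a user:role:type[:level] context; the level may hold ':'."""
    parts = ctx.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % ctx)
    return parts[2]


def allow_rules(log_text):
    """Merge denials per (source type, target type, class) into TE allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec['perms']:
            key = (context_type(rec['scontext']),
                   context_type(rec['tcontext']), rec['tclass'])
            merged[key].update(rec['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, perm_text))
    return rules
```

Note that tclass=lnk_file means the object checked was the symlink itself, labelled spamd_var_run_t, and not its /dev/null target.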