Your message dated Mon, 20 Oct 2008 13:47:06 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#502274: fixed in refpolicy 2:0.0.20080702-13 has caused the Debian Bug report #502274, regarding no amavis policy, clamd policy instead? to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 502274: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502274 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: selinux-policy-default Version: 2:0.0.20080702-12 Severity: important The amavis policy is not shipped in the Debian package, instead all amavis files are tagged as clamd_*. This doesn't work, the following is a snippet from dmesg, with enforce=0: Oct 15 08:02:05 bender kernel: type=1400 audit(1224050525.616:3211): avc: denied { connectto } for pid=30825 comm="amavisd-new" path="/var/run/clamav/clamd.ctl" scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:system_r:clamd_t:s0 tclass=unix_stream_socket Oct 15 08:02:05 bender kernel: type=1400 audit(1224050525.684:3212): avc: denied { name_bind } for pid=30825 comm="amavisd-new" src=15191 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket Oct 15 08:02:05 bender kernel: type=1400 audit(1224050525.720:3213): avc: denied { node_bind } for pid=30825 comm="amavisd-new" src=15191 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket Oct 15 08:02:08 bender kernel: type=1400 audit(1224050528.317:3214): avc: denied { name_connect } for pid=30825 comm="amavisd-new" dest=10025 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:amavisd_send_port_t:s0 tclass=tcp_socket Oct 15 08:02:11 bender kernel: type=1400 audit(1224050531.816:3215): avc: denied { read } for pid=30659 comm="amavisd-new" name="5.8" dev=sda3 ino=14684357 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file Oct 15 08:04:08 bender kernel: type=1400 audit(1224050648.609:3216): avc: denied { read } for pid=32063 comm="file" name="magic.mgc" dev=sda3 ino=10485954 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file Oct 15 08:04:08 bender kernel: type=1400 audit(1224050648.645:3217): avc: denied { getattr } for pid=32063 comm="file" path="/usr/share/file/magic.mgc" dev=sda3 ino=10485954 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file Oct 15 08:04:09 bender kernel: type=1400 audit(1224050649.024:3218): avc: denied { signull } for pid=30652 comm="amavisd-new" scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:system_r:clamd_t:s0 tclass=process Oct 15 08:06:07 bender kernel: type=1400 audit(1224050766.981:3219): avc: denied { execute } for pid=32092 comm="amavisd-new" name="file" dev=sda3 ino=12584670 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file Oct 15 08:06:07 bender kernel: type=1400 audit(1224050767.017:3220): avc: denied { read } for pid=32092 comm="amavisd-new" name="file" dev=sda3 ino=12584670 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file Oct 15 08:06:07 bender kernel: type=1400 audit(1224050767.057:3221): avc: denied { execute_no_trans } for pid=32092 comm="amavisd-new" path="/usr/bin/file" dev=sda3 ino=12584670 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file Oct 15 08:06:07 bender kernel: type=1400 audit(1224050767.149:3222): avc: denied { ioctl } for pid=31004 comm="amavisd-new" path="/usr/share/perl/5.8.8/unicore/To/Fold.pl" dev=sda3 ino=134640 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file Oct 15 08:07:51 bender kernel: type=1400 audit(1224050871.461:3223): avc: denied { node_bind } for pid=32129 comm="amavisd-new" src=2042 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=udp_socket Oct 15 08:09:11 bender kernel: type=1400 audit(1224050951.301:3224): avc: denied { name_connect } for pid=31004 comm="amavisd-new" dest=10025 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:amavisd_send_port_t:s0 tclass=tcp_socket
--- End Message ---
--- Begin Message ---Source: refpolicy Source-Version: 2:0.0.20080702-13 We believe that the bug you reported is fixed in the latest version of refpolicy, which is due to be installed in the Debian FTP archive: refpolicy_0.0.20080702-13.diff.gz to pool/main/r/refpolicy/refpolicy_0.0.20080702-13.diff.gz refpolicy_0.0.20080702-13.dsc to pool/main/r/refpolicy/refpolicy_0.0.20080702-13.dsc selinux-policy-default_0.0.20080702-13_all.deb to pool/main/r/refpolicy/selinux-policy-default_0.0.20080702-13_all.deb selinux-policy-dev_0.0.20080702-13_all.deb to pool/main/r/refpolicy/selinux-policy-dev_0.0.20080702-13_all.deb selinux-policy-doc_0.0.20080702-13_all.deb to pool/main/r/refpolicy/selinux-policy-doc_0.0.20080702-13_all.deb selinux-policy-mls_0.0.20080702-13_all.deb to pool/main/r/refpolicy/selinux-policy-mls_0.0.20080702-13_all.deb selinux-policy-src_0.0.20080702-13_all.deb to pool/main/r/refpolicy/selinux-policy-src_0.0.20080702-13_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Russell Coker <[EMAIL PROTECTED]> (supplier of updated refpolicy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 21 Oct 2008 00:36:00 +1100 Source: refpolicy Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc Architecture: source all Version: 2:0.0.20080702-13 Distribution: unstable Urgency: high Maintainer: Russell Coker <[EMAIL PROTECTED]> Changed-By: Russell Coker <[EMAIL PROTECTED]> Description: selinux-policy-default - Strict and Targeted variants of the SELinux policy selinux-policy-dev - Headers from the SELinux reference policy for building modules selinux-policy-doc - Documentation for the SELinux reference policy selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy selinux-policy-src - Source of the SELinux reference policy for customization Closes: 502274 Changes: refpolicy (2:0.0.20080702-13) unstable; urgency=high . * Allow spamd_t to create a Unix domain socket. * Allow clamd_t to read files under /usr (for Perl). Allow it to connect to amavisd_send_port_t. Allow it to talk to itself by unix stream sockets and bind to UDP nodes. Closes: #502274 * Allow logrotate_t to transition to webalizer_t for web log processing. * Allow initrc_t to create fixed_disk_device_t nodes under var_run_t, for the case where /etc/fstab has an error regarding the root fs. * Use the Lenny paths for xm, xend, xenstored, and xenconsoled. Add some extra permissions that Xen needs. Checksums-Sha1: 2a0a6d7d7f910d8acf454811e913bc4ab778b082 1493 refpolicy_0.0.20080702-13.dsc cb15e6fadc22736f059c76798db59075e2c6d590 78744 refpolicy_0.0.20080702-13.diff.gz b2c60aa202a00fe83c1c4ddac839b593a2d6dc11 2093912 selinux-policy-default_0.0.20080702-13_all.deb 7e5a193edbee10257f28ea2dc16d0e418f9250a1 2127154 selinux-policy-mls_0.0.20080702-13_all.deb d8c3bc5c81524925ed22c054019658c4e9a37c10 799502 selinux-policy-src_0.0.20080702-13_all.deb 6689e4cdf7a2dd34691a929a960a2ca84c258652 703626 selinux-policy-dev_0.0.20080702-13_all.deb 34de1934f31aaf5d1d654a56659880682720e326 424030 selinux-policy-doc_0.0.20080702-13_all.deb Checksums-Sha256: af95d0065efea4d1d323f90b8c9629fe388e4984741f638137ebd3a24ea4dc02 1493 refpolicy_0.0.20080702-13.dsc 36342b546726fe79940e7db3f0d5fd98301c14e40bad53ee681ead02be3bb76d 78744 refpolicy_0.0.20080702-13.diff.gz dd39f5201e68701bd8f4115526c7089538e02ca1adb7babf65c8584545f7c7ca 2093912 selinux-policy-default_0.0.20080702-13_all.deb bd81b0dd7058bb4ffef1e84b733b9da6f55eb961f4b0f5398711e98fd50ae28c 2127154 selinux-policy-mls_0.0.20080702-13_all.deb 60f1941e60f63a9a8e809fba0981dae0a41cc0ff78850c53334466f30fde3a44 799502 selinux-policy-src_0.0.20080702-13_all.deb 2286f7f75a779eb9c971a906e36c0c2e87144fb134d400cd850ba89607ffa2e8 703626 selinux-policy-dev_0.0.20080702-13_all.deb 59af3561c59182ba5e461c06a6848fc57c351158b9e274642dfaa44e7c2fab92 424030 selinux-policy-doc_0.0.20080702-13_all.deb Files: 009b71287cc2d45f21caab4ef4ca70d0 1493 admin standard refpolicy_0.0.20080702-13.dsc 1e97797906f53f07aa16b8a69507b2aa 78744 admin standard refpolicy_0.0.20080702-13.diff.gz eace6ffddf9811492c4d865c3653dbd8 2093912 admin standard selinux-policy-default_0.0.20080702-13_all.deb a8c67daa161f9a78c9ab18b9d9eb0a0f 2127154 admin extra selinux-policy-mls_0.0.20080702-13_all.deb eb936871eaa61a8c08bf69529fe4a804 799502 admin optional selinux-policy-src_0.0.20080702-13_all.deb 9415a779233660a875ccca731640548d 703626 admin optional selinux-policy-dev_0.0.20080702-13_all.deb 5e6282083bf1de0f66656319813d38ed 424030 doc optional selinux-policy-doc_0.0.20080702-13_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFI/IrawrB5/PXHUlYRApOeAKCqjMnF3FeO87k9wuO3R0GHcZKlfACgr5OZ qm5Ug+XlPPTYd9hv9CcQJwM= =TGvW -----END PGP SIGNATURE-----
--- End Message ---
