Yup, you nailed it.
I filed a bug against Selinux on Fedora.
Here's the policy I ended up using:
module local 1.0;
require {
type spamd_var_run_t;
type spamd_t;
type clamd_var_run_t;
type clamd_t;
class sock_file write;
class unix_stream_socket connectto;
class dir { read search open getattr };
class file { read getattr open };
}
#============= clamd_t ==============
allow clamd_t spamd_var_run_t:dir { read search open getattr };
allow clamd_t spamd_var_run_t:file { read getattr open };
#============= spamd_t ==============
allow spamd_t clamd_t:unix_stream_socket connectto;
allow spamd_t clamd_var_run_t:sock_file write;
On 11/13/11 8:58 AM, Aniruddha Barua wrote:
> Hi Philip,
>
> If SELINUX is enabled in your system, try after disabling it, also the little
> annoyance might go away.
>
>
> --Aniruddha Barua.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
