[Putting Robert on Bcc…]

I upgraded recently to F25 from F24.  I had configured my MDF service in 
systemd as stock.

No changes were made to MDF concurrent to the upgrade.

Now I’m seeing a bunch of:

type=AVC msg=audit(1487004730.889:2463): avc:  denied  { read } for  pid=24701 comm="mimedefang.pl" name="razor-agent.log" dev="sda6" ino=9306726 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_var_run_t:s0 tclass=lnk_file permissive=0

        Was caused by:
                Missing type enforcement (TE) allow rule.

                You can use audit2allow to generate a loadable module to allow this access.

There’s a symlink with that path on my system:

lrwxrwxrwx. 1 defang defang system_u:object_r:spamd_var_run_t:s0 9 Dec 14  2011 /var/spool/MIMEDefang/.razor/razor-agent.log -> /dev/null

and I see it being created via the temp files at startup:

/usr/lib/tmpfiles.d/mimedefang.conf:d /var/spool/MIMEDefang/.razor 0750 defang defang - -
/usr/lib/tmpfiles.d/mimedefang.conf:L+ /var/spool/MIMEDefang/.razor/razor-agent.log - - - - /dev/null


The file is accessed in Razor2::Client::Config, which is pulled into MDF via 
SpamAssassin which has:

loadplugin Mail::SpamAssassin::Plugin::Razor2

in it.

So, not really sure what the point of a log file pointing at /dev/null would be 
or why MDF is responsible for creating it given that it’s SpamAssassin that 
ends up scribbling on it, etc.  Why not skip creating the file, and not write 
at all if you can’t open it because it doesn’t exist...

Anyone know what the fix for this is?

Thanks,

-Philip


_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
