Re: pyzor and SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Antony Nguyen wrote:

Hello,
It appears that the pyzor spam filtering process and selinux don't like each other on an up-to-date FC4 system:
type=AVC msg=audit(1142747621.765:115624): avc: denied { name_connect } for pid=23305 comm="pyzor" dest=80 scontext=root:system_r:spamd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket type=SYSCALL msg=audit(1142747621.765:115624): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=2aaaadb00ec0 a2=10 a3=0 items=0 pid=23305 auid=500 uid=502 gid=0 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 comm="pyzor" exe="/usr/bin/python" type=SOCKADDR msg=audit(1142747621.765:115624): saddr=020000504223FAD10000000000000000
Can anyone give me a hint as to how to add an selinux policy for pyzor or enable its ability to resolve names? 

Thanks,
Tony
This means that spamd command pyzor is trying to connect to an httpd_port. Is this expected/legitimate behaviour? I see that a pyzor policy was written in the example policy but was never turned on in FC4. This pyzor policy does not allow connections to the httpd_port_t (80) either.
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux