On Tue, 12 Dec 2017 13:37:30 +0100 Nicolas Kovacs info@microlinux.fr wrote:
Hi,
Spamassassin has been working nicely on my main server running CentOS 7 and Postfix. SELinux is activated (Enforcing).
Since the most recent update (don't know if it's related to it though) I'm getting the following SELinux error.
--8<----------------------------------------------------------------- SELinux is preventing /usr/bin/perl from 'read, write' accesses on the file /var/log/spamassassin/.spamassassin/bayes_toks.
...
Additional Information: Source Context system_u:system_r:spamd_t:s0 Target Context system_u:object_r:var_log_t:s0
This seems like it should have been denied. You probably don't want system_r:spamd_t to write to var_log_t.
I don't have access to a c7 with spamassasin right now but would guess that /var/log/spamassassin/.spamassassin/bayes_toks should have been a different context (something like spam_log_t).
You can use "ls -Z" on /var/log/spamassassin to find out what context the top level dir has. Then use restorcon (if the policy has the correct data but the real world file/dir is wrong). chcon can be used to test a change but for a permanent fix you'll have to add it to the policy (file context listing).
/Peter K