On 12/12/2017 04:37 AM, Nicolas Kovacs wrote:
Spamassassin has been working nicely on my main server running CentOS 7 and Postfix. SELinux is activated (Enforcing). ... SELinux is preventing /usr/bin/perl from 'read, write' accesses on the file /var/log/spamassassin/.spamassassin/bayes_toks. ... Source Context system_u:system_r:spamd_t:s0 Target Context system_u:object_r:var_log_t:s0
You may have had a custom context set on /var/log/spamassassin or a sub-path in the past, overwritten by a recent update. That's a normal occurrence if you set context using chcon rather than "semanage fcontext". The latter is persistent; the former is not.
Spamassassin can write to /var/lib/spamassassin, which makes that a more suitable location for bayes_toks than /var/log. However, if you'd prefer to keep your bayes_toks file where it is, use:
semanage fcontext -a -t spamd_var_lib_t /var/log/spamassassin/.spamassassin restorecon -Rv /var/log/spamassassin/.spamassassin
That should set a new context for the path in your local policy, and then apply that context. Afterward, spamd should be able to write to that path.