[CentOS] Spamassassin vs. SELinux trouble

Gordon Messmer gordon.messmer at gmail.com
Tue Dec 12 20:25:45 UTC 2017


On 12/12/2017 04:37 AM, Nicolas Kovacs wrote:
> Spamassassin has been working nicely on my main server running CentOS 7
> and Postfix. SELinux is activated (Enforcing).
> ...
> SELinux is preventing /usr/bin/perl from 'read, write' accesses on the
> file /var/log/spamassassin/.spamassassin/bayes_toks.
> ...
> Source Context                system_u:system_r:spamd_t:s0
> Target Context                system_u:object_r:var_log_t:s0

You may have had a custom context set on /var/log/spamassassin or a 
sub-path in the past, overwritten by a recent update.  That's a normal 
occurrence if you set context using chcon rather than "semanage 
fcontext".  The latter is persistent; the former is not.

Spamassassin can write to /var/lib/spamassassin, which makes that a more 
suitable location for bayes_toks than /var/log.  However, if you'd 
prefer to keep your bayes_toks file where it is, use:

   semanage fcontext -a -t spamd_var_lib_t 
/var/log/spamassassin/.spamassassin
   restorecon -Rv /var/log/spamassassin/.spamassassin

That should set a new context for the path in your local policy, and 
then apply that context.  Afterward, spamd should be able to write to 
that path.



More information about the CentOS mailing list