[CentOS] Spamassassin vs. SELinux trouble

Tue Dec 12 12:37:30 UTC 2017
Nicolas Kovacs <info at microlinux.fr>


Spamassassin has been working nicely on my main server running CentOS 7
and Postfix. SELinux is activated (Enforcing).

Since the most recent update (don't know if it's related to it though)
I'm getting the following SELinux error.

SELinux is preventing /usr/bin/perl from 'read, write' accesses on the
file /var/log/spamassassin/.spamassassin/bayes_toks.

*****  Plugin catchall (100. confidence) suggests

If you believe that perl should be allowed read write access on the
bayes_toks file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c '7370616D64206368696C64' --raw | audit2allow -M
# semodule -i my-7370616D64206368696C64.pp

Additional Information:
Source Context                system_u:system_r:spamd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects
/var/log/spamassassin/.spamassassin/bayes_toks [
                              file ]
Source                        7370616D64206368696C64
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           perl-5.16.3-292.el7.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing


Unfortunately the suggested solution does not work, e. g. the following
command returns nothing:

# ausearch -c '7370616D64206368696C64' --raw

Now I'm clueless. Any suggestions?


Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32