On 12/12/2017 04:37 AM, Nicolas Kovacs wrote: > Spamassassin has been working nicely on my main server running CentOS 7 > and Postfix. SELinux is activated (Enforcing). > ... > SELinux is preventing /usr/bin/perl from 'read, write' accesses on the > file /var/log/spamassassin/.spamassassin/bayes_toks. > ... > Source Context system_u:system_r:spamd_t:s0 > Target Context system_u:object_r:var_log_t:s0 You may have had a custom context set on /var/log/spamassassin or a sub-path in the past, overwritten by a recent update. That's a normal occurrence if you set context using chcon rather than "semanage fcontext". The latter is persistent; the former is not. Spamassassin can write to /var/lib/spamassassin, which makes that a more suitable location for bayes_toks than /var/log. However, if you'd prefer to keep your bayes_toks file where it is, use: semanage fcontext -a -t spamd_var_lib_t /var/log/spamassassin/.spamassassin restorecon -Rv /var/log/spamassassin/.spamassassin That should set a new context for the path in your local policy, and then apply that context. Afterward, spamd should be able to write to that path.