[CentOS] Spamassassin vs. SELinux trouble

Tue Dec 12 20:25:45 UTC 2017
Gordon Messmer <gordon.messmer at gmail.com>

On 12/12/2017 04:37 AM, Nicolas Kovacs wrote:
> Spamassassin has been working nicely on my main server running CentOS 7
> and Postfix. SELinux is activated (Enforcing).
> ...
> SELinux is preventing /usr/bin/perl from 'read, write' accesses on the
> file /var/log/spamassassin/.spamassassin/bayes_toks.
> ...
> Source Context                system_u:system_r:spamd_t:s0
> Target Context                system_u:object_r:var_log_t:s0

You may have had a custom context set on /var/log/spamassassin or a 
sub-path in the past, overwritten by a recent update.  That's a normal 
occurrence if you set context using chcon rather than "semanage 
fcontext".  The latter is persistent; the former is not.

Spamassassin can write to /var/lib/spamassassin, which makes that a more 
suitable location for bayes_toks than /var/log.  However, if you'd 
prefer to keep your bayes_toks file where it is, use:

   semanage fcontext -a -t spamd_var_lib_t "/var/log/spamassassin/.spamassassin(/.*)?"
   restorecon -Rv /var/log/spamassassin/.spamassassin

That should set a new context for the path in your local policy, and 
then apply that context.  Afterward, spamd should be able to write to 
that path.
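
Added example, not part of the original message: one way to find labels that were set with chcon and would be reset by restorecon or a relabel is to compare each file's on-disk type with the type the file-context rules assign. The function names are hypothetical; it assumes GNU stat and matchpathcon from libselinux-utils.

```shell
#!/usr/bin/env bash
# Added example (helper names are hypothetical). Lists files whose on-disk
# SELinux type differs from the type the file-context rules assign, i.e.
# labels that restorecon or a full relabel would reset.
# Usage: label_drift /var/log/spamassassin/.spamassassin/*

# On-disk context of a path (GNU stat: %C prints the SELinux context).
current_context() { stat -c %C -- "$1"; }

# Context the policy, including local "semanage fcontext" rules, assigns.
policy_context() { matchpathcon -n "$1"; }

# Extract the type field from user:role:type:level.
context_type() {
    local t
    t=${1#*:}      # drop "user:"
    t=${t#*:}      # drop "role:"
    printf '%s\n' "${t%%:*}"
}

# Print "PATH current=TYPE policy=TYPE" for each mismatch.
# Returns 1 if any path has drifted, 0 otherwise.
label_drift() {
    local path cur want cur_t want_t rc=0
    for path in "$@"; do
        cur=$(current_context "$path") || continue
        want=$(policy_context "$path") || continue
        # "<<none>>" means the policy assigns no label to this path.
        [ "$want" = "<<none>>" ] && continue
        cur_t=$(context_type "$cur")
        want_t=$(context_type "$want")
        # Compare types only: the SELinux user often differs legitimately.
        if [ "$cur_t" != "$want_t" ]; then
            printf '%s current=%s policy=%s\n' "$path" "$cur_t" "$want_t"
            rc=1
        fi
    done
    return "$rc"
}
```

A path reported here carries a label that exists only on disk; adding a matching "semanage fcontext" rule makes it the policy default, after which the path no longer shows up.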