I've recently built a new mail server with CentOS 6.5, and decided to bite the bullet and leave SELinux running. I've stumbled through making things work and am mostly there.
I've got my own spam and ham corpus as mbox files in /home/user/Mail/learned.
These files came from my backup of the CentOS 5 server this machine is replacing.
The folder is owned by the user (the following is run as root):
ls -laF learned
drw-------. 6 user group 4096 Jun 10 03:35 ./
drw-------. 6 user group 35864 Jun 10 03:35 ../
drw-------. 6 user group 4096 Jun 10 03:35 2004/
-rw-------. 6 user group 155296 Jun 10 03:35 2014_10_Jun_learned_spam
-rw-------. 6 user group 996584 Jun 10 03:35 2014_10_Jun_learned_ham
Also as root:
ls -laZ learned
drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0 .
drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0 ..
drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0 2004
-rw-------. 6 user group system_u:object_r:mail_spool_t:s0 2014_10_Jun_learned_spam
-rw-------. 6 user group system_u:object_r:mail_spool_t:s0 2014_10_Jun_learned_ham
When I do the same as the user, I get this:
ls -laF learned
ls: cannot access learned/2004: Permission denied
ls: cannot access 2014_10_Jun_learned_spam: Permission denied
ls: cannot access 2014_10_Jun_learned_ham: Permission denied
total 0
d???????? ? ? ? ? ? ./
d???????? ? ? ? ? ? ../
d???????? ? ? ? ? ? 2004/
-???????? ? ? ? ? ? 2014_10_Jun_learned_spam
-???????? ? ? ? ? ? 2014_10_Jun_learned_ham
and this:
ls -laFZ learned
ls: cannot access learned/2004: Permission denied
ls: cannot access 2014_10_Jun_learned_spam: Permission denied
ls: cannot access 2014_10_Jun_learned_ham: Permission denied
total 0
d???????? ? ? ./
d???????? ? ? ../
d???????? ? ? 2004/
-???????? ? ? 2014_10_Jun_learned_spam
-???????? ? ? 2014_10_Jun_learned_ham
The user's process to feed the spam and ham to spamassassin fails when trying to write to the directories, even though the files are owned by user:group.
What, precisely, is wrong here? I don't get any AVC entries in /var/log/audit/audit.log, so I'm at a loss as to what to try next. Should this directory not be target mail_spool_t? Any guesses?
-chuck
--
ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph.
| and Integrated Interpretation | (713)993-0608 fax
448 W. 19th St. #325| Since 1992 | (713)306-5794 cell
Houston, TX, 77008 | Chuck Campbell | campbell at accelinc.com
| President & Senior Geoscientist |
"Integration means more than having all the maps at the same scale!"
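
A check on the listings in the message above, added here as an example and not part of the original post: Linux evaluates the classic mode bits before SELinux policy, so a denial that comes from the mode bits leaves no AVC record in audit.log, and a directory that is readable but not searchable (r without x) lets ls read the entry names while every stat fails, giving "?" columns. The script flags such directories in `ls -l` output; the function name is hypothetical and the sample is root's listing from the post with spacing normalised.

```python
import re

# Root's `ls -laF learned` output as posted, spacing normalised.
LISTING = """\
drw-------. 6 user group 4096 Jun 10 03:35 ./
drw-------. 6 user group 35864 Jun 10 03:35 ../
drw-------. 6 user group 4096 Jun 10 03:35 2004/
-rw-------. 6 user group 155296 Jun 10 03:35 2014_10_Jun_learned_spam
-rw-------. 6 user group 996584 Jun 10 03:35 2014_10_Jun_learned_ham
"""

# File type, then owner/group/other triplets, then the optional
# "." (SELinux context present) or "+" (ACL present) marker.
MODE_RE = re.compile(
    r"^([bcdlps-])([r-][w-][xsS-])([r-][w-][xsS-])([r-][w-][xtT-])[.+]?\s"
)


def dirs_missing_search(listing):
    """Return (name, class) pairs for directories where a permission
    class has read or write but no search (x) bit."""
    findings = []
    for line in listing.splitlines():
        m = MODE_RE.match(line)
        if not m or m.group(1) != "d":
            continue  # not a mode line, or not a directory
        name = line.split()[-1]  # assumes names without spaces
        for who, bits in zip(("owner", "group", "other"), m.groups()[1:]):
            granted = bits[0] == "r" or bits[1] == "w"
            # lowercase s/t mean x is set; uppercase S/T mean it is not
            searchable = bits[2] in "xst"
            if granted and not searchable:
                findings.append((name, who))
    return findings


if __name__ == "__main__":
    for name, who in dirs_missing_search(LISTING):
        print(f"{name}: {who} has r/w but no x, entries cannot be stat'ed or created")
```

Root does not see the failure because it bypasses the mode-bit check, which is why the two listings in the post differ.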