Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-26545

/usr/bin/sa-update triggers an SELinux alert related to writing to /root directory

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-9.3.0
    • spamassassin
    • None
    • None
    • Moderate
    • rhel-sst-cs-stacks
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      During system log analysis it was found that on any "sa-update" run an SELinux alert was triggered.

      Please provide the package NVR for which bug is seen:

      rpm -qf /usr/bin/sa-update
      spamassassin-3.4.6-5.el9.x86_64

      How reproducible: always

      Steps to reproduce

      • Wait one day or decrease version in "/var/lib/spamassassin/3.004006/updates_spamassassin_org.cf"

      • Disable "sleep" in /usr/share/spamassassin/sa-update.cron
      • Start sa-update.service

      Expected results

      No SELinux alert

      Actual results

      SELinux alert

      type=AVC msg=audit(1708729291.574:229090): avc:  denied  { write } for  pid=725971 comm="sa-update" name="root" dev="sda3" ino=5767169 scontext=system_u:system_r:spamd_update_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir permissive=0

type=SYSCALL msg=audit(1708729291.574:229090): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=55673bee7530 a1=1c0 a2=7f3f625d4f43 a3=556739fe4300 items=0 ppid=725423 pid=725971 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sa-update exe=/usr/bin/perl subj=system_u:system_r:spamd_update_t:s0 key=(null)ARCH=x86_64 SYSCALL=mkdir AUID=unset UID=root GID=root EUID=root SUID=root FSUID=root EGID=root SGID=root FSGID=root

      After enabling debug following messages appear 2 times per run:

      Feb 24 06:34:33.289 [953815] dbg: config: read file /etc/mail/spamassassin/v343.pre
Feb 24 06:34:33.289 [953815] dbg: config: using "/tmp/.spamassassin953815tJPiNYtmp/doesnotexist" for sys rules pre files
Feb 24 06:34:33.289 [953815] dbg: config: using "/tmp/.spamassassin953815tJPiNYtmp/doesnotexist" for default rules dir
Feb 24 06:34:33.290 [953815] dbg: config: mkdir /root/.spamassassin failed: mkdir /root/.spamassassin: Permission denied at /usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm line 1901.
Feb 24 06:34:33.290 [953815] dbg: config: using "/tmp/.spamassassin953815tJPiNYtmp/doesnotexist/doesnotexist" for user prefs file
Feb 24 06:34:33.290 [953815] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC

Feb 24 06:34:35.256 [953815] dbg: config: read file /tmp/.spamassassin953815tJPiNYtmp/regression_tests.cf
Feb 24 06:34:35.258 [953815] dbg: config: mkdir /root/.spamassassin failed: mkdir /root/.spamassassin: Permission denied at /usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm line 1901.
Feb 24 06:34:35.258 [953815] dbg: config: using "/tmp/.spamassassin953815tJPiNYtmp/doesnotexist" for user prefs file
Feb 24 06:34:35.269 [953815] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC

              rhn-support-mosvald Martin Osvald (Inactive)
              pb_bieringer Peter Bieringer (Inactive)
              Martin Osvald Martin Osvald (Inactive)
              Frantisek Hrdina Frantisek Hrdina
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: