Re: Procmail battles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul Michael Reilly wrote:
Paul Howarth <paul@xxxxxxxxxxxx> writes:
...
 > The out-of-the-box selinux policy for FC5 was somewhat broken for
 > procmail, particularly if you wanted to forward mail as an action.
> > Paul, what log files are you trying to write, and what the the "adv:
 > denial" messages you see in /var/log/messages when procmail tries to
 > write to this log?

My long term goal is to filter incoming CVS mail to reformat it and
resend it.  Not an easy task, for me anyway, so I thought I'd just
start real simple by playing with and learning procmail filters.  Real
basic stuff.  Nothing worked.  So out of desperation I tried just
logging to ~/procmail.log.  Didn't work.  Eventually I concluded by
reading /var/log/messages that this weird bizarre message:

        May 13 21:22:04 roamer kernel: audit(1147569724.815:39): avc:
        denied { search } for pid=26417 comm="procmail" name="log"
        dev=dm-0 ino=4128796 scontext=system_u:system_r:procmail_t:s0
        tcontext=system_u:object_r:var_log_t:s0 tclass=dir

might have something to do with it.  And I guessed correctly that
SELINUX was at play.

This looks like an attempt to write something to /var/log/something rather than ~/procmail.log

> Of course, I am now ready to put out a contract
on the bastards that inflicted selinux upon us, but I'll get over that
in time.

Rather those bastards than the bastards that "owned" the machine of the guy in the "Postfix Problems" thread from earlier today and used to send lottery scam spam out. That would almost certainly have been prevented by SELinux.

> Meanwhile I'd dearly love to know what those bastards had in
mind for cleanly informing Users that, "Sorry, we are not letting
procmail do your bidding because ... and here's what you need to do to
make us happy ... Happy Hacking".

http://fedoraproject.org/wiki/SELinux is a reasonable start.

 > Gregory, is /save/home/$USER the home directory for $USER?
 > What's the output of:
 > $ ls -laZ /save/home

This means nothing to me, not being Gregory.  Is he one of those
bastards? :-)

No, he's the guy whose mail you replied to in your next email, who was also having procmail issues.

Paul.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux