Re: Configuration of global procmail

Wojciech Komornicki wrote:
> Thanks for the quick response.

You're welcome.

> I am running Fedora 5 and not 7 but I do not think that should make
> a difference.

For the most part, no.  Though if it is an selinux issue, it's
possible that the policy was improved in later versions.  Also, FC5
is no longer maintained. :)

> From the audit.log file it seems that procmail is failing on a call
> to getattr
>
> Jul 17 11:19:21 kernel: audit(1184689161.358:29353): avc:  denied  {getattr } for  pid=29579 comm=procmail name="wk" dev=dm-0 ino=14091670 scontext=root:system_r:procmail_t tcontext=root:object_r:var_spool_t tclass=file
> 
> I have encountered this before when a utility tries to get the
> attributes of a non-existent file.   I did not have a
> /etc/procmailrc file so I got one off of the web.
> 
>      # Please check if all the paths in PATH are reachable, remove the ones that
>      # are not.
> 
>      PATH=/usr/bin:/bin:/usr/local/bin:.
>      MAILDIR=$HOME/Mail        # You'd better make sure it exists
>      DEFAULT=$MAILDIR/mbox
>      LOGFILE=$MAILDIR/from
>      LOCKFILE=$HOME/.lockmail
> 
> 
>      # Anything that has not been delivered by now will go to $DEFAULT
>      # using LOCKFILE=$DEFAULT$LOCKEXT
>
> Now procmail does not fail but delivers mail to the user's mbox.  If
> I omit the variable DEFAULT, procmail fails.  If I change it to
>      DEFAULT=/var/mail/$LOGNAME
> procmail fails
>
> So now procmail does not fail but does not deliver to the system
> mailbox but to the user's MAILDIR.
> 
> BTW: I am testing this out on an account I set up with no
> .procmailrc file.

You can see if it's an selinux issue by disabling selinux temporarily:

# setenforce 0

If things work then, you'll want to look carefully at the audit log.
The audit2why and audit2allow tools can be helpful here.

I'm still not sure why you need to run your own procmail instead of
the packaged version that ships with FC5.  The default selinux policy
may well allow things to work with the non-set{u,g}id procmail, if it
really is an selinux issue.

If it is selinux, you might want to search the archives of the
fedora-selinux-list.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Any sufficiently advanced technology is indistinguishable from a
rigged demo
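
An added example, not part of the original message or of the SELinux tools it names: a small Python parser that reads the AVC denial quoted above and groups denied permissions by source type, target type and object class, the same fields audit2allow works from. The function names are hypothetical, and the rendered allow line is only a compact way to read the denial.

```python
import re
from collections import defaultdict

# The denial quoted in the message above, copied from the page.
SAMPLE_LOG = (
    'Jul 17 11:19:21 kernel: audit(1184689161.358:29353): avc:  denied  '
    '{getattr } for  pid=29579 comm=procmail name="wk" dev=dm-0 '
    'ino=14091670 scontext=root:system_r:procmail_t '
    'tcontext=root:object_r:var_spool_t tclass=file\n'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'result': m.group(1), 'perms': m.group(2).split()}
    for key, val in FIELD_RE.findall(m.group(3)):
        rec[key] = val.strip('"')
    # Contexts are user:role:type, optionally followed by an MLS level.
    for ctx in ('scontext', 'tcontext'):
        parts = rec.get(ctx, '').split(':')
        rec[ctx + '_type'] = parts[2] if len(parts) >= 3 else '?'
    return rec


def summarize_denials(log_text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec['result'] == 'denied':
            key = (rec['scontext_type'], rec['tcontext_type'],
                   rec.get('tclass', '?'))
            grouped[key].update(rec['perms'])
    return {k: sorted(v) for k, v in grouped.items()}


def as_allow_rules(summary):
    """Render the summary in type-enforcement 'allow' syntax for review."""
    rules = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {p};')
    return rules
```

For the quoted record, `as_allow_rules(summarize_denials(SAMPLE_LOG))` shows that the `procmail_t` domain was denied `getattr` on a file labelled `var_spool_t`.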
