On Tue, 2006-05-30 at 13:41 -0500, Marc Schwartz (via MN) wrote: > On Tue, 2006-05-30 at 16:32 +0100, Paul Howarth wrote: > > Marc Schwartz wrote: > > > Hi all, > > > > > > I took advantage of the long weekend here in the States to finally > > > update to FC5. All went well in general, however it has become apparent > > > that procmail is problematic with SELinux enabled. > > > > > > fetchmail and postfix work fine in terms of getting my e-mail from > > > multiple POP3 accounts. However local (~/.procmailrc) procmail filtering > > > does not. > > > > > > My FC4 configuration files, with a few edits to reflect some path > > > changes for postfix, now work fine with SELinux disabled. I was not > > > running SELinux on FC4 and all worked fine there. > > > > > > I found other FC5/SELinux posts where others have had similar problems > > > and disabling SELinux solved them. > > > > > > This is on a fully updated FC5 system as of the writing of this post. > > > > > > Is there a policy update pending to resolve this issue or some temporary > > > steps that can be used in the interim, short of disabling SELinux entirely? > > > > I'm using procmail with sendmail on FC5. and whilst there were > > significant problems getting it to work with the out-of-the-box policy, > > it's mostly fixed now. The only local tweaks I do to policy are to add > > the ability to write a log file to /var/log (probably peculiar to me), > > to allow it to forward mail by calling sendmail (I think policy still > > doesn't allow reading of the /usr/sbin/sendmail -> /etc/alternatives/mta > > symlink, which pretty much most procmail users will need), and to allow > > programs called from procmail to create temporary files. > > > > If you run SELinux in permissive mode and post the AVCs that get logged > > when procmail is running, it should be possible to get this fixed. > > Paul, > > Thanks for the reply. > > I have re-booted with SELinux in Permissive Mode. > > However, while procmail is working still, I see no avc messages at all > in /var/log/messages that would seemingly be related here. There are > other avc's there, most of which appear to be related to the boot > process and the relabelling of files subsequent to having disabled > SELinux earlier. > > Is this something more subtle or is there someplace else that I should > be looking? Perhaps you have auditd running, and have AVCs logged to /var/log/audit/audit.log instead? > BTW, on a separate and possible SELinux related issue, I had noted that > the Evolution Data Server was crashing after I first installed FC5 with > SELinux enabled. For the time this morning that I had SELinux disabled, > I was not getting the crash. Didn't make the association initially, but > now that I have it re-enabled in Permissive Mode, it's crashing again. > No avc's in the log here either. Don't know what's happening with that. Having SELinux in permissive mode should behave almost identically to disabled mode really. Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
