On Thu, 11 Oct 2007 13:16:53 -0700
Doug Thistlethwaite <doug@xxxxxxxxxxxxx> wrote:

> Hello,
>
> I hope somebody has seen this before. I am not sure if it is a bug or
> my not completely understanding how SELinux works.
>
> My mail server was working fine secured by SELinux running in
> enforcing mode. Our company lost connection to the Internet for a
> couple days so I edited sendmail.mc to skip the domain check for the
> duration. I edited the file, ran MAKE and restarted the sendmail
> process. I also disabled spamd because all of the email would be
> internal.
>
> Well SELinux didn't like what I did and started to produce lots of
> AVC messages and provided solutions to most of them. I followed the
> suggestion in the "Allowing Access" section of the setroubleshoot
> browser and most of the messages went away. After about a dozen of
> these messages, I decided to just have the system "relabel on next
> reboot" using the SELinux management tool. When that didn't fix the
> problem, I just disabled SELinux until the Internet connection was
> fixed.
>
> So the connection was fixed, I fixed the sendmail.mc file to be
> exactly the same as before the problem. I used MAKE on the file and
> relabeled the SELinux during a reboot and reset SELinux to
> enforcement mode.
>
> Spamd will not start in enforcement mode. I get the following
> setroubleshoot message:
>
> Summary
> SELinux is preventing spamd (spamd_t) "search" to mail
> (httpd_sys_content_t).

Somehow you seem to have some important mail-related dir (and maybe
more) labelled as httpd_sys_content_t. Maybe /etc/mail?

> I was under the impression that if I relabeled the system everything
> would be reset, but obviously I am incorrect...
>
> I have also received other AVC messages all relating to sendmail
> files. I was not sure if these would help so I did not include them
> in this message (This question is already pretty long!).
>
> Any idea how I can get spamd to run in enforcing mode -and- get
> SELinux to be happy again?

httpd_sys_content_t is a customizable type and hence not subject to
being relabelled normally. Try:

# restorecon -FRv /etc/mail /var/spool/mail

Paul.
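
The check behind the reply above, as an added example that is not part of the original thread: it sorts AVC denials by whether the target's type is listed as customizable, the case where the reply says a normal relabel does not reset the label and restorecon -F is needed. The audit lines and the customizable_types excerpt are constructed; only the spamd denial and httpd_sys_content_t come from the thread.

```python
import re

# Constructed excerpt of /etc/selinux/targeted/contexts/customizable_types;
# only httpd_sys_content_t is taken from the thread.
CUSTOMIZABLE_TYPES = "httpd_sys_content_t\npublic_content_t\nsamba_share_t\n"

# Constructed audit.log lines; the first mirrors the denial quoted in the thread.
SAMPLE_AVCS = [
    'type=AVC msg=audit(1192133813.101:41): avc:  denied  { search } for  '
    'pid=2301 comm="spamd" name="mail" dev=dm-0 ino=98311 '
    'scontext=system_u:system_r:spamd_t:s0 '
    'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir',
    'type=AVC msg=audit(1192133815.377:52): avc:  denied  { read } for  '
    'pid=2417 comm="sendmail" name="access.db" dev=dm-0 ino=98320 '
    'scontext=system_u:system_r:sendmail_t:s0 '
    'tcontext=system_u:object_r:default_t:s0 tclass=file',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
    r'.*?name="(?P<name>[^"]+)".*?scontext=(?P<scon>\S+)'
    r'\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def triage(avc_lines, customizable_text):
    """Split denials by whether the target type is a customizable type."""
    customizable = set(customizable_text.split())
    needs_force, plain = [], []
    for line in avc_lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        ttype = context_type(m["tcon"])
        entry = (m["comm"], m["perms"].strip(), m["name"], ttype)
        (needs_force if ttype in customizable else plain).append(entry)
    return needs_force, plain

if __name__ == "__main__":
    force, plain = triage(SAMPLE_AVCS, CUSTOMIZABLE_TYPES)
    for comm, perms, name, ttype in force:
        print(f"{comm}: {perms} on '{name}' ({ttype}) is a customizable "
              "type; relabel it with restorecon -F")
    for comm, perms, name, ttype in plain:
        print(f"{comm}: {perms} on '{name}' ({ttype}) is not customizable; "
              "a normal relabel applies")
```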