Re: SELinux problem after sendmail.mc modification.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul,

Thank you for the suggestion.  I tried the command you recommended and spamd no longer has an error when the sendmail and spamassassin services are started.  However, I am still having problems with my webmail client sending messages. I have the setourbleshoot messages included in the message I replied to David on this list. 

I wonder what I did to cause these problems. 

If you have suggestions on the other error messages, I would greatly appriciate hearing them.

Thank you for the help!

Doug

Paul Howarth wrote:
On Thu, 11 Oct 2007 13:16:53 -0700
Doug Thistlethwaite <doug@xxxxxxxxxxxxx> wrote:

  
Hello,

I hope somebody has seen this before. I am not sure if it is a bug or
my not completely understanding how SELinux works.

My mail server was working fine secured by SELinux running in
enforcing mode. Our company lost connection the the Internet for a
couple days so I edited sendmail.mc to skip the domain check for the
duration. I edited the file ran MAKE and restarted the sendmail
process. I also disabled spamd because all of the email would be
internal.

Well SELinux didn't like what I did and started to produce lots of
AVC messages and provided solutions to most of them. I followed the 
suggestion in the "Allowing Access" section of the setroubleshoot 
browser and most of the messages went away. After about a dozen of
these messages, I decided to just have the system "relabel on next
reboot" using the SELinux management tool. When that didn't fix the
problem, I just disabled SELinux until the Internet connection was
fixed.

So the connection was fixed, I fixed the sendmail.mc file to be
exactly the same as before the problem. I used MAKE on the file and
relabeled the SELinux during a reboot and reset SELinux to
enforcement mode.

Spamd will not start in enforcement mode. I get the following
setroubleshoot message:

Summary
SELinux is preventing spamd (spamd_t) "search" to mail 
(httpd_sys_content_t).
    

Somehow you seem to have some important mail-related dir (and maybe
more) labelled as httpd_sys_content_t. Maybe /etc/mail?

  
I was under the impression that if I relabeled the system everything 
would be reset, but obviously I am incorrect...

I have also received other AVC messages all relating to sendmail
files. I was not sure if these would help so I did not include them
in this message (This questions is already pretty long!).

Any idea how I can get spamd to run in enforcing mode -and- get
SELinux to be happy again?
    

httpd_sys_content_t is a customizable type and hence not subject to
being relabelled normally.

Try:
# restorecon -FRv /etc/mail /var/spool/mail

Paul.
  

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux