On Wednesday 16 January 2008, Paul Howarth wrote:
>Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Gene Heskett wrote:
>>> Greetings;
>>>
>>> At about the time the backup program amanda is due to send me an email,
>>> I'm getting popups from selinux.
>>>
>>> Amanda is at times trying to send the user gene an email, some of which I
>>> do
>>>
>>> get, but:
>>> >From setroubleshoot:
>>>
>>> SUMMARY
>>> SELinux is preventing /usr/bin/procmail (procmail_t) "search" to
>>> (var_log_t).
>
>On a related matter, I sometimes like to use a system-wide procmail
>script (/etc/procmailrc) and have system-wide procmail logs to go with
>that, which can be done by putting in /etc/procmailrc something like:
>
>LOGFILE=/var/log/procmail.log
>or
>LOGFILE=/var/log/procmail/$LOGNAME
>
>Current policy doesn't cater for this, so I added:
>
>
>myprocmail.te
>
>policy_module(myprocmail, 0.5.6)
>
>require {
> type procmail_t;
> type sendmail_t;
>};
>
># log files
>type procmail_log_t;
>logging_log_file(procmail_log_t)
>
># Write log to /var/log/procmail.log or /var/log/procmail/.*
>allow procmail_t procmail_log_t:dir setattr;
>create_files_pattern(procmail_t,procmail_log_t,procmail_log_t)
>append_files_pattern(procmail_t,procmail_log_t,procmail_log_t)
>read_lnk_files_pattern(procmail_t,procmail_log_t,procmail_log_t)
>logging_log_filetrans(procmail_t,procmail_log_t, { file dir })
>
># ==============================================
># Procmail needs to call sendmail for forwarding
># ==============================================
>
># Read alternatives link (still not in policy?)
>corecmd_read_bin_symlinks(procmail_t)
>
># Procmail occasionally signals sendmail, e.g. when it times out during
>forwarding
>sendmail_signal(procmail_t)
>
>
>myprocmail.fc
>
>/var/log/procmail\.log --
>gen_context(system_u:object_r:procmail_log_t,s0)
>/var/log/procmail(/.*)?
>gen_context(system_u:object_r:procmail_log_t,s0)
>
>
>
>
>
>The last bits of policy are things I've had locally for a couple of
>Fedora releases now; not sure if they're in current policy but I think
>they should be.
>
>Cheers, Paul.
>
Thanks guys, it sounds like the next release will fix this.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If A equals success, then the formula is _�A = _�X + _�Y + _�Z. _�X is work.
_�Y
is play. _�Z is keep your mouth shut.
-- Albert Einstein
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
