On 12/14/2011 05:34 PM, Lester M. Petrie Jr. wrote:
> Hi
>
> When I try to have procmail deliver my email, I get the following
> avc messages:
>
> type=AVC msg=audit(1323699624.572:2022): avc: denied { write } for pid=18801 comm="procmail" name="local-mail" dev=sdd10 ino=7471567 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
> type=SYSCALL msg=audit(1323699624.572:2022): arch=c000003e syscall=2 success=no exit=-13 a0=cba680 a1=441 a2=1b7 a3=1 items=0 ppid=18799 pid=18801 auid=4294967295 uid=14060 gid=100 euid=14060 suid=14060 fsuid=14060 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1323699624.572:2023): avc: denied { write } for pid=18801 comm="procmail" name="inbox" dev=sdd10 ino=12714135 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:data_home_t:s0 tclass=dir
> type=SYSCALL msg=audit(1323699624.572:2023): arch=c000003e syscall=2 success=no exit=-13 a0=cb7b50 a1=c1 a2=1b7 a3=65642d6e697373 items=0 ppid=18799 pid=18801 auid=4294967295 uid=14060 gid=100 euid=14060 suid=14060 fsuid=14060 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
>
> I am running Fedora 15 with a KDE 4.7.4 desktop, and am using
> kmail2. When I try to create and install a local policy to allow
> this access, a .pp file is created, but installing fails with the
> following messages.
>
> libsepol.print_missing_requirements: procmail's global requirements were not met: type/attribute procmail_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
> semodule: Failed!
>
> The .pp file is
>
> module procmail 1.0;
>
> require {
>     type data_home_t;
>     type procmail_t;
>     class dir write;
>     class file append;
> }
>
> #============= procmail_t ==============
> #!!!! The source type 'procmail_t' can write to a 'dir' of the following types:
> # user_home_t, var_log_t, procmail_log_t, user_home_dir_t, tmp_t, mail_spool_t, nfs_t
>
> allow procmail_t data_home_t:dir write;
> allow procmail_t data_home_t:file append;
>
> I can relabel the mail directory as user_home_t, and procmail
> works, but I haven't found how to make the relabel survive a
> general machine relabel. Any help would be appreciated.
>

Never make policy with the same name as an existing one. Change this to

module myprocmail 1.0

and it will work.

I take it procmail needs to write to files under ~/.local/share
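
The rename recommended in the reply, as an added example that is not part of the original thread: it checks the `module` declaration of a `.te` source against a list of installed module names and renames it before the build. The function names, the `my` prefix loop and the module list in the demo are assumptions made for illustration; the build step uses the standard `checkmodule`, `semodule_package` and `semodule -i` tools.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): avoid naming a local module after an
# installed one, e.g. procmail -> myprocmail.

# Print the name declared on the "module NAME VERSION;" line of a .te file.
te_module_name() {
    awk '$1 == "module" { print $2; exit }' "$1"
}

# If the declared name is in the installed list ($2, one name per line, in
# practice the first column of `semodule -l`), prefix it with "my" and rewrite
# the file. Prints the name the module ends up with.
rename_if_colliding() {
    local te installed name new
    te=$1; installed=$2
    name=$(te_module_name "$te"); new=$name
    while printf '%s\n' "$installed" | grep -qxF -- "$new"; do
        new="my$new"
    done
    if [ "$new" != "$name" ]; then
        sed "s/^module[[:space:]]\{1,\}$name[[:space:]]/module $new /" "$te" > "$te.tmp" &&
            mv "$te.tmp" "$te"
    fi
    printf '%s\n' "$new"
}

# Compile, package and load the module (needs checkpolicy, policycoreutils, root).
build_and_install() {
    local name
    name=$(te_module_name "$1")
    checkmodule -M -m -o "$name.mod" "$1" &&
        semodule_package -o "$name.pp" -m "$name.mod" &&
        semodule -i "$name.pp"
}

# Constructed demo: the policy source from the message and a made-up module list.
demo() {
    local te
    te=$(mktemp) || return 1
    printf '%s\n' 'module procmail 1.0;' '' \
        'require { type data_home_t; type procmail_t; class dir write; class file append; }' '' \
        'allow procmail_t data_home_t:dir write;' \
        'allow procmail_t data_home_t:file append;' > "$te"
    rename_if_colliding "$te" "$(printf 'postfix\nprocmail\nsendmail')"
    head -n 1 "$te"
    rm -f "$te"
}
demo
```

`build_and_install` is defined but not called by the demo, since loading a module changes the running policy and requires root.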