On Tue, 2005-07-05 at 11:36 -0700, Wolfgang S. Rupprecht wrote: > I'm seeing an interaction in FC4 between a mailbox file on an NFS > server, emacs's movemail and (I presume) selinux. (This is with all > the current rpm updates.) > > When I try getting my mail I see this error message from inside emacs: > > movemail: Input/output error for /home/wolfgang/Mailbox > > movemail exited with code 1 > > Here is what the context looks like on the NFS-ed mailbox along with > what root's local mailbox looks like: > > $ ll --lcontext /var/mail/root /home/wolfgang/Mailbox > 2.0K -rw------- 1 wolfgang wsrcc 1.4K Jul 5 11:28 /home/wolfgang/Mailbox > 8.0K -rw------- 1 system_u:object_r:mail_spool_t root root 631 Jul 5 11:31 /var/mail/root > > I assume the missing context stuff on the Mailbox file is causing > problems. What is the correct way to deal with this? Turning off > selinux? I'd expect "Permission denied" not "Input/output error" for a SELinux-related failure, and you should have an avc denied message in your /var/log/audit/audit.log file. NFS doesn't support file security labels presently, but SELinux still internally assigns a label to the incore inode and policy should allow the access. Easy way to check is to run /usr/sbin/setenforce 0 and try again. If that makes no difference, then SELinux is unlikely to be the culprit. -- Stephen Smalley National Security Agency
