Re: Configuration of global procmail

Wojciech Komornicki wrote:
> Thanks for the quick response.

You're welcome.

> I am running Fedora 5 and not 7 but I do not think that should make
> a difference.

For the most part, no.  Though if it is an selinux issue, it's
possible that the policy was improved in later versions.  Also, FC5
is no longer maintained. :)

> From the audit.log file it seems that procmail is failing on a call
> to getattr
>
> Jul 17 11:19:21 kernel: audit(1184689161.358:29353): avc:  denied  {getattr } for  pid=29579 comm=procmail name="wk" dev=dm-0 ino=14091670 scontext=root:system_r:procmail_t tcontext=root:object_r:var_spool_t tclass=file
> 
> I have encountered this before when a utility tries to get the
> attributes of a non-existent file.   I did not have a
> /etc/procmailrc file so I got one off of the web.
> 
>      # Please check if all the paths in PATH are reachable, remove the ones that
>      # are not.
> 
>      PATH=/usr/bin:/bin:/usr/local/bin:.
>      MAILDIR=$HOME/Mail        # You'd better make sure it exists
>      DEFAULT=$MAILDIR/mbox
>      LOGFILE=$MAILDIR/from
>      LOCKFILE=$HOME/.lockmail
> 
> 
>      # Anything that has not been delivered by now will go to $DEFAULT
>      # using LOCKFILE=$DEFAULT$LOCKEXT
>
> Now procmail does not fail but delivers mail to the user's mbox.  If
> I omit the variable DEFAULT, procmail fails.  If I change it to
>      DEFAULT=/var/mail/$LOGNAME
> procmail fails.
>
> So now procmail does not fail but does not deliver to the system
> mailbox but to the user's MAILDIR.
> 
> BTW: I am testing this out on an account I set up with no
> .procmailrc file.

You can see if it's an selinux issue by disabling selinux temporarily:

# setenforce 0

If things work then, you'll want to look carefully at the audit log.
The audit2why and audit2allow tools can be helpful here.

I'm still not sure why you need to run your own procmail instead of
the packaged version that ships with FC5.  The default selinux policy
may well allow things to work with the non-set{u,g}id procmail, if it
really is an selinux issue.

If it is selinux, you might want to search the archives of the
fedora-selinux-list.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Any sufficiently advanced technology is indistinguishable from a
rigged demo
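
An added example, not part of the original message and not the audit2allow source: a small Python parser that groups AVC denials like the one quoted above by source type, target type and object class, and renders the allow rule each group corresponds to. The first sample line is the denial from the message; the lines in CONSTRUCTED are made up for illustration.

```python
import re
from collections import defaultdict

# The denial quoted in the message above.
PAGE_LINE = (
    'Jul 17 11:19:21 kernel: audit(1184689161.358:29353): avc:  denied  '
    '{getattr } for  pid=29579 comm=procmail name="wk" dev=dm-0 ino=14091670 '
    'scontext=root:system_r:procmail_t tcontext=root:object_r:var_spool_t '
    'tclass=file\n')
# Constructed lines, not from the page: a second denial and a non-AVC line.
CONSTRUCTED = (
    'Jul 17 11:19:22 kernel: audit(1184689162.101:29354): avc:  denied  '
    '{ read write } for  pid=29579 comm=procmail name="wk" dev=dm-0 '
    'ino=14091670 scontext=root:system_r:procmail_t '
    'tcontext=root:object_r:var_spool_t tclass=file\n'
    'Jul 17 11:19:23 sendmail[29580]: constructed line without an AVC record\n')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    try:
        # A context is user:role:type[:level]; the type is the third part.
        return {'perms': m.group('perms').split(),
                'source': fields['scontext'].split(':')[2],
                'target': fields['tcontext'].split(':')[2],
                'tclass': fields['tclass']}
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def candidate_rules(log_text):
    """Group denials by (source, target, class) and render one rule per group."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec['perms']:
            groups[(rec['source'], rec['target'], rec['tclass'])].update(rec['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(groups.items()):
        body = ' '.join(sorted(perms))
        if len(perms) > 1:
            body = '{ ' + body + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {body};')
    return rules
```

A rule listed this way is a candidate to review, since a denial can also point to a file carrying the wrong label rather than to a missing rule.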
