nfs emacs movemail and selinux
Stephen Smalley
sds at tycho.nsa.gov
Tue Jul 5 18:42:19 UTC 2005
On Tue, 2005-07-05 at 11:36 -0700, Wolfgang S. Rupprecht wrote:
> I'm seeing an interaction in FC4 between a mailbox file on an NFS
> server, emacs's movemail and (I presume) selinux. (This is with all
> the current rpm updates.)
>
> When I try getting my mail I see this error message from inside emacs:
>
> movemail: Input/output error for /home/wolfgang/Mailbox
>
> movemail exited with code 1
>
> Here is what the context looks like on the NFS-ed mailbox along with
> what root's local mailbox looks like:
>
> $ ll --lcontext /var/mail/root /home/wolfgang/Mailbox
> 2.0K -rw------- 1 wolfgang wsrcc 1.4K Jul 5 11:28 /home/wolfgang/Mailbox
> 8.0K -rw------- 1 system_u:object_r:mail_spool_t root root 631 Jul 5 11:31 /var/mail/root
>
> I assume the missing context stuff on the Mailbox file is causing
> problems. What is the correct way to deal with this? Turning off
> selinux?
I'd expect "Permission denied" not "Input/output error" for a
SELinux-related failure, and you should have an avc denied message in
your /var/log/audit/audit.log file. NFS doesn't support file security
labels presently, but SELinux still internally assigns a label to the
incore inode and policy should allow the access. Easy way to check is
to run /usr/sbin/setenforce 0 and try again. If that makes no
difference, then SELinux is unlikely to be the culprit.
--
Stephen Smalley
National Security Agency
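
The audit-log check described in the reply, as an added example that is not part of the original message: shell functions that list and count the AVC denials logged for one command. The function names are hypothetical and the log records are constructed samples in the audit.log AVC format.

```shell
# Constructed sample records (not taken from the thread).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1120588939.101:42): avc:  denied  { read } for  pid=2345 comm="movemail" name="Mailbox" dev=0:15 ino=12345 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:nfs_t tclass=file
type=SYSCALL msg=audit(1120588939.101:42): arch=40000003 syscall=5 success=no exit=-13 pid=2345 comm="movemail"
type=AVC msg=audit(1120588950.007:43): avc:  denied  { getattr write } for  pid=2400 comm="procmail" name="root" dev=dm-0 ino=777 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mail_spool_t tclass=file
EOF
}

# avc_denials LOGFILE COMM
# Prints one line per denial: perms|tclass|scontext|tcontext
avc_denials() {
    awk -v comm="$2" '
        # Value of key=value in the current record, quotes stripped.
        function field(key,    re, v) {
            re = "(^| )" key "=[^ ]+"
            if (!match($0, re)) return "-"
            v = substr($0, RSTART, RLENGTH)
            sub("^ ?" key "=", "", v)
            gsub(/"/, "", v)
            return v
        }
        /avc: +denied/ && field("comm") == comm {
            # The denied permissions sit between the braces.
            s = index($0, "{"); e = index($0, "}")
            perms = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perms)
            print perms "|" field("tclass") "|" field("scontext") "|" field("tcontext")
        }
    ' "$1"
}

# avc_denial_count LOGFILE COMM
# Prints how many denials were logged for COMM; 0 means nothing was
# logged for that command in this file.
avc_denial_count() {
    avc_denials "$1" "$2" | awk 'END { print NR }'
}

# Demonstration on the constructed sample; on a real host LOGFILE would be
# /var/log/audit/audit.log, read as root.
log=$(mktemp)
sample_log > "$log"
avc_denials "$log" movemail
echo "movemail denials: $(avc_denial_count "$log" movemail)"
echo "emacs denials: $(avc_denial_count "$log" emacs)"
rm -f "$log"
```

The SYSCALL record for the same event is skipped on purpose: only `avc: denied` records count as SELinux denials.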