Procmail battles

Paul Howarth paul at city-fan.org
Wed May 17 09:29:51 UTC 2006


Paul Michael Reilly wrote:
> Paul Howarth <paul at city-fan.org> writes:
> ...
>  > The out-of-the-box selinux policy for FC5 was somewhat broken for
>  > procmail, particularly if you wanted to forward mail as an action.
>  > 
>  > Paul, what log files are you trying to write, and what are the "adv:
>  > denial" messages you see in /var/log/messages when procmail tries to
>  > write to this log?
> 
> My long term goal is to filter incoming CVS mail to reformat it and
> resend it.  Not an easy task, for me anyway, so I thought I'd just
> start real simple by playing with and learning procmail filters.  Real
> basic stuff.  Nothing worked.  So out of desperation I tried just
> logging to ~/procmail.log.  Didn't work.  Eventually I concluded by
> reading /var/log/messages that this weird bizarre message:
> 
>         May 13 21:22:04 roamer kernel: audit(1147569724.815:39): avc:
>         denied { search } for pid=26417 comm="procmail" name="log"
>         dev=dm-0 ino=4128796 scontext=system_u:system_r:procmail_t:s0
>         tcontext=system_u:object_r:var_log_t:s0 tclass=dir
> 
> might have something to do with it.  And I guessed correctly that
> SELINUX was at play.

This looks like an attempt to write something to /var/log/something 
rather than ~/procmail.log.

> Of course, I am now ready to put out a contract
> on the bastards that inflicted selinux upon us, but I'll get over that
> in time.

Rather those bastards than the bastards that "owned" the machine of the 
guy in the "Postfix Problems" thread from earlier today and used it to 
send lottery scam spam out. That would almost certainly have been 
prevented by SELinux.

> Meanwhile I'd dearly love to know what those bastards had in
> mind for cleanly informing Users that, "Sorry, we are not letting
> procmail do your bidding because ... and here's what you need to do to
> make us happy ... Happy Hacking".

http://fedoraproject.org/wiki/SELinux is a reasonable start.

>  > Gregory, is /save/home/$USER the home directory for $USER?
>  > What's the output of:
>  > $ ls -laZ /save/home
> 
> This means nothing to me, not being Gregory.  Is he one of those
> bastards? :-)

No, he's the guy whose mail you replied to in your next email, who was 
also having procmail issues.

Paul.
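
Added example, not part of the original post: a small Python parser for the AVC denial quoted above. It pulls out the fields behind the reading that procmail (type procmail_t) was refused "search" on a directory named "log" labelled var_log_t, which points at /var/log rather than a file in a home directory. The function names are illustrative, and the sample line is the thread's own message rejoined onto one line.

```python
import re

# The denial quoted in the thread, rejoined onto a single line.
SAMPLE = ('May 13 21:22:04 roamer kernel: audit(1147569724.815:39): avc: '
          'denied { search } for pid=26417 comm="procmail" name="log" '
          'dev=dm-0 ino=4128796 scontext=system_u:system_r:procmail_t:s0 '
          'tcontext=system_u:object_r:var_log_t:s0 tclass=dir')

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the fields in one AVC message, or None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['result'] = m.group('result')
    fields['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; the type is what policy rules refer to.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':')
        fields[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return fields


def summarize(line):
    """One-line reading of an AVC message: who was refused what, on which object."""
    f = parse_avc(line)
    if f is None:
        return None
    return '%s (%s) was %s {%s} on %s "%s" labelled %s' % (
        f.get('comm'), f['scontext_type'], f['result'], ' '.join(f['perms']),
        f.get('tclass'), f.get('name'), f['tcontext_type'])


if __name__ == '__main__':
    print(summarize(SAMPLE))
```

The `name` field is only the last path component and `tclass=dir` says the object is a directory, so the target type (var_log_t) is what identifies it as the system log directory.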



