Sudden exim selinux problem

[John Horne]

On Thu, 2007-10-04 at 11:40 +0100, Matt Bernstein wrote:
> At 11:23 +0100 John Horne wrote:
> 
> > I'm running F7 on my work PC, and use the Exim MTA to receive mail on
> > the PC from our central mailhubs. This has not been a problem since I
> > first installed F7, and I have been running it with selinux enabled.
> 
> I think exim has just got some selinux policy. You might need to "fixfiles 
> relabel" on your workstation.
> 
Running 'fixfiles' didn't resolve it.

> > Anyone else noticed this, or any ideas about it? I'm currently looking
> > for that F7 utility that explains the audit.log entries a bit better and
> > how to (possibly) correct the problem. Trouble is I can't remember what
> > it is called! :-)
> 
> setroubleshoot
> audit2why
> audit2allow (but try to get your files into the right context first, 
> perhaps under "setenforce 0")
> 
'audit2why' was what I was thinking of.

'getsebool' shows only 2 Exim booleans, both off by default. Turning
these to 'on' made no difference. Running audit2allow, and following the
man page, changed things but the mail still fails. I now get (for
example):

==================================================
2007-10-04 12:40:07 H=tracy.csd.plymouth.ac.uk [141.163.177.2]
F=<condor-users-bounces at cs.wisc.edu> temporarily rejected RCPT
<john at jhorne.csd.plymouth.ac.uk>: require_files: error
for /home/john/Maildir/: Permission denied
==================================================

Now this isn't an selinux error, but, as said before, this was all
working fine. The directory Maildir certainly hasn't changed. I think
I'm basically going to have to disable selinux (because the mail works
then) and send the problem up to bugzilla so that it can be fixed in the
next update.

Thanks for your help,


John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: John.Horne at plymouth.ac.uk       Fax: +44 (0)1752 233839