SELinux problem after sendmail.mc modification.

Doug Thistlethwaite doug at dupreeinc.com
Fri Oct 12 20:54:25 UTC 2007 

Paul,

Thank you for the suggestion.  I tried the command you recommended and 
spamd no longer has an error when the sendmail and spamassassin services 
are started.  However, I am still having problems with my webmail client 
sending messages. I have the setourbleshoot messages included in the 
message I replied to David on this list. 

I wonder what I did to cause these problems. 

If you have suggestions on the other error messages, I would greatly 
appriciate hearing them.

Thank you for the help!

Doug

Paul Howarth wrote:
> On Thu, 11 Oct 2007 13:16:53 -0700
> Doug Thistlethwaite <doug at dupreeinc.com> wrote:
>
>   
>> Hello,
>>
>> I hope somebody has seen this before. I am not sure if it is a bug or
>> my not completely understanding how SELinux works.
>>
>> My mail server was working fine secured by SELinux running in
>> enforcing mode. Our company lost connection the the Internet for a
>> couple days so I edited sendmail.mc to skip the domain check for the
>> duration. I edited the file ran MAKE and restarted the sendmail
>> process. I also disabled spamd because all of the email would be
>> internal.
>>
>> Well SELinux didn't like what I did and started to produce lots of
>> AVC messages and provided solutions to most of them. I followed the 
>> suggestion in the "Allowing Access" section of the setroubleshoot 
>> browser and most of the messages went away. After about a dozen of
>> these messages, I decided to just have the system "relabel on next
>> reboot" using the SELinux management tool. When that didn't fix the
>> problem, I just disabled SELinux until the Internet connection was
>> fixed.
>>
>> So the connection was fixed, I fixed the sendmail.mc file to be
>> exactly the same as before the problem. I used MAKE on the file and
>> relabeled the SELinux during a reboot and reset SELinux to
>> enforcement mode.
>>
>> Spamd will not start in enforcement mode. I get the following
>> setroubleshoot message:
>>
>> Summary
>> SELinux is preventing spamd (spamd_t) "search" to mail 
>> (httpd_sys_content_t).
>>     
>
> Somehow you seem to have some important mail-related dir (and maybe
> more) labelled as httpd_sys_content_t. Maybe /etc/mail?
>
>   
>> I was under the impression that if I relabeled the system everything 
>> would be reset, but obviously I am incorrect...
>>
>> I have also received other AVC messages all relating to sendmail
>> files. I was not sure if these would help so I did not include them
>> in this message (This questions is already pretty long!).
>>
>> Any idea how I can get spamd to run in enforcing mode -and- get
>> SELinux to be happy again?
>>     
>
> httpd_sys_content_t is a customizable type and hence not subject to
> being relabelled normally.
>
> Try:
> # restorecon -FRv /etc/mail /var/spool/mail
>
> Paul.
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20071012/f78d34d0/attachment.htm>

More information about the fedora-selinux-list mailing list