fetchmail/procmail denials

Gene Heskett gene.heskett at verizon.net
Mon Mar 9 16:35:45 UTC 2009


On Monday 09 March 2009, Paul Howarth wrote:
>Daniel J Walsh wrote:
>> Gene Heskett wrote:
>>> Greetings;
>>>
>>> It's been several days, but I haven't seen any policy updates yet, and
>>> setroubleshooter is still hacking away at the lower right corner of the
>>> screen.
>>>
>>> Call this a ping? :)
>>
>> Gene, need more info.  OS? Problem?  AVCs?
>>
>> Lots of email, lots of bugzillas, 5 different OSs.
>>
>> RHEL4, RHEL5, F9, F10, Rawhide.
>
>I think Gene was referring to this:
>
>https://www.redhat.com/archives/fedora-selinux-list/2009-March/msg00025.html
>
>Paul.

Yes, Paul.  And to requote from the last of that thread:

"Fetchmail policy does not allow for the creation of a logfile right now.
  I guess the default is to write to syslog.  We need to add a mechanism
for fetchmail to create a fetchmail_log_t and allow procmail_t to append
to it."

Which would address this particular problem nicely WITH the exception that my 
procmail keeps its own logs.

Here is my 'mail' script in /etc/logrotate.d:
===============================================
# Logrotate file for fetchmail.log and procmail.log

/var/log/fetchmail.log {
	missingok
	compress
	notifempty
	weekly
	size=1000k
	rotate 5
	copytruncate
	create 0600 gene gene
	prerotate
		/usr/bin/killall fetchmail
		sleep 1
	endscript
        postrotate
		chown gene:gene /var/log/fetchmail.log
		restorecon -v /var/log/fetchmail.log
		echo "log rotated on "date -u >>/var/log/fetchmail.log
		su gene -c "/usr/bin/fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"
        endscript
}
/var/log/procmail.log {
        missingok
        compress
        notifempty
	weekly
        size=1000k
        rotate 5
	copytruncate
        create 0600 gene gene
	postrotate
		restorecon -v /var/log/procmail.log
		echo "log rotated on "date -u >>/var/log/procmail.log
	endscript
}
===========================================
And I should note that doing a head on the two files shows the echoes above, 
except I need to backtick the date -u :)  I'll fix that right now.

FWIW, neither file is up to the trigger size, but close, and this is only 
noonish Monday:
-rw------- 1 gene gene 472824 2009-03-09 12:23 /var/log/fetchmail.log
-rw------- 1 gene gene 854970 2009-03-09 12:21 /var/log/procmail.log
From the dates on the rest of the procmail.log-*.gz's it is in fact being 
rotated daily, so I should add another 0 to the size, or just remove it & let 
it use the Sunday morning schedule.  Or I should remove the VERBOSE=yes in the 
~/.procmailrc :)  fetchmail.log is being rotated at 4 day intervals.

At one point someone else whose name is not (I don't think) on the CC: list, 
said he would do it.  So I was expecting to see a new targeted policy show up 
in yumex in a day or so, but it is still missing.

Thanks everybody.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Fatal Error: Found MS-Windows System -> Repartitioning Disk for Linux...
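
Added example (not part of the original message and not the Fedora policy's own code): a local policy module implementing the mechanism requoted above, a dedicated fetchmail_log_t that procmail_t may append to, plus a log type for procmail's own log. The module name and procmail_log_t are hypothetical, and it assumes fetchmail and procmail run in the fetchmail_t and procmail_t domains and that the installed policy does not already declare these log types.

```selinux
# local_mail_logs.te (added example; module name is hypothetical)
# Assumptions: fetchmail runs as fetchmail_t, procmail as procmail_t, and the
# installed policy does not already declare the two log types below.
policy_module(local_mail_logs, 1.0.0)

gen_require(`
	type fetchmail_t;
	type procmail_t;
')

# Dedicated log types, so nothing has to be granted on generic var_log_t files.
type fetchmail_log_t;
logging_log_file(fetchmail_log_t)

# Hypothetical type for procmail's own log file.
type procmail_log_t;
logging_log_file(procmail_log_t)

# fetchmail may create its log in /var/log and append to it.
# No read, overwrite or unlink is granted.
allow fetchmail_t fetchmail_log_t:file { create_file_perms append_file_perms setattr };
logging_log_filetrans(fetchmail_t, fetchmail_log_t, file)

# procmail may append to the fetchmail log, and create and append to its own.
allow procmail_t fetchmail_log_t:file append_file_perms;
allow procmail_t procmail_log_t:file { create_file_perms append_file_perms setattr };
logging_log_filetrans(procmail_t, procmail_log_t, file)

# local_mail_logs.fc (separate file beside the .te). These entries are what
# the "restorecon -v" calls in the logrotate postrotate scripts apply to the
# live logs; the trailing .* also covers the rotated .gz files.
#
# /var/log/fetchmail\.log.*	--	gen_context(system_u:object_r:fetchmail_log_t,s0)
# /var/log/procmail\.log.*	--	gen_context(system_u:object_r:procmail_log_t,s0)

# Build and load with the policy development Makefile:
#   make -f /usr/share/selinux/devel/Makefile local_mail_logs.pp
#   semodule -i local_mail_logs.pp
#   restorecon -v /var/log/fetchmail.log /var/log/procmail.log
```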