On Sun, Aug 20, 2023, 9:20 AM Bhasker C V <bhas...@unixindia.com> wrote:
> Finally i switched on the enforcing mode on my linux system
> Pretty much everything is working except
>
> ```
> $ echo hello | mail -s test x...@yyy.xyz
> 2023-08-20 14:39:30 1qXieQ-000Bpa-1P 1qXieQ-000Bpa-1P no recipients found
> in headers
> Can't send mail: sendmail process failed with error code 1
> ```
> however the same works fine when I put selinux in permissive state (no
> warnings shown in audit/dmesg)
>
Is it easy for you to get the headers that cause Sendmail to say "no
recipients found in headers"? And compare with the headers generated by the
successful mail.
It might help tell if it's a bug or working as designed ;-) or maybe a
mailx issue not sendmail.
A quick ltrace says
> ```
> 1qXia0-000BPb-0a Failed to create spool file
> /var/spool/exim4//input//1qXia0-000BPb-0a-D: Permission denied
> ```
>
> However there are no avc: messages for me to allow this through in my
> selinux module
> I even tried
>
> ```
> allow unconfined_t exim_spool_t:file { open read write create };
> allow unconfined_t exim_spool_t:dir { open read write };
> ```
>
> since /var/spool/exim4/input has exim_spool_dir set in it
>
> I cant fine any booleans either ..
>
> Please could someone tell me how to get this to work ? has anyone got
> mailx working with selinux on their system ?
>
>
>
