Re: mailx and selinux not co-operating

Mon, 21 Aug 2023 23:24:10 -0700 

For future reference

There is another package mailutils which also provides /usr/bin/mail.
This is working fine with selinux in enforcing mode.
This is a good alternative



On Mon, Aug 21, 2023 at 2:56 AM Bhasker C V <bhas...@unixindia.com> wrote:

> Thanks Nicholas
> However, it doesnt  to my knowledge looks like an issue with mailx or
> sendmail (I use exim4).
> The reason i derive at at is because the whole thing works the moment i
> disable selinux.
>
> What i wonder is why selinux is not complaining about the failure ? No
> logs whatsoever ...
>
> On Mon, Aug 21, 2023 at 12:58 AM Nicholas Geovanis <nickgeova...@gmail.com>
> wrote:
>
>> On Sun, Aug 20, 2023, 9:20 AM Bhasker C V <bhas...@unixindia.com> wrote:
>>
>>> Finally i switched on the enforcing mode on my linux system
>>> Pretty much everything is working except
>>>
>>> ```
>>> $ echo hello | mail -s test x...@yyy.xyz
>>> 2023-08-20 14:39:30 1qXieQ-000Bpa-1P 1qXieQ-000Bpa-1P no recipients
>>> found in headers
>>> Can't send mail: sendmail process failed with error code 1
>>> ```
>>> however the same works fine when I put selinux in permissive state (no
>>> warnings shown in audit/dmesg)
>>>
>>
>> Is it easy for you to get the headers that cause Sendmail to say "no
>> recipients found in headers"? And compare with the headers generated by the
>> successful mail.
>> It might help tell if it's a bug or working as designed ;-) or maybe a
>> mailx issue not sendmail.
>>
>> A quick ltrace says
>>> ```
>>>  1qXia0-000BPb-0a Failed to create spool file
>>> /var/spool/exim4//input//1qXia0-000BPb-0a-D: Permission denied
>>> ```
>>>
>>> However there are no avc: messages for me to allow this through in my
>>> selinux module
>>> I even tried
>>>
>>> ```
>>> allow unconfined_t exim_spool_t:file { open read write create };
>>> allow unconfined_t exim_spool_t:dir { open read write };
>>> ```
>>>
>>> since /var/spool/exim4/input has exim_spool_dir set in it
>>>
>>> I cant fine any booleans either ..
>>>
>>> Please could someone tell me how to get this to work ? has anyone got
>>> mailx working with selinux on their system ?
>>>
>>>
>>>

Reply via email to