Re: mailx and selinux not co-operating

2023-08-22 Thread Bhasker C V
For future reference

There is another package, mailutils, which also provides /usr/bin/mail.
This is working fine with selinux in enforcing mode.
This is a good alternative.



On Mon, Aug 21, 2023 at 2:56 AM Bhasker C V wrote:

> Thanks Nicholas
> However, it doesn't, to my knowledge, look like an issue with mailx or
> sendmail (I use exim4).
> The reason I arrive at that is because the whole thing works the moment I
> disable selinux.
>
> What I wonder is why selinux is not complaining about the failure? No
> logs whatsoever ...
>
> On Mon, Aug 21, 2023 at 12:58 AM Nicholas Geovanis 
> wrote:
>
>> On Sun, Aug 20, 2023, 9:20 AM Bhasker C V wrote:
>>
>>> Finally I switched on the enforcing mode on my linux system
>>> Pretty much everything is working except
>>>
>>> ```
>>> $ echo hello | mail -s test x...@yyy.xyz
>>> 2023-08-20 14:39:30 1qXieQ-000Bpa-1P 1qXieQ-000Bpa-1P no recipients
>>> found in headers
>>> Can't send mail: sendmail process failed with error code 1
>>> ```
>>> However, the same works fine when I put selinux in permissive state (no
>>> warnings shown in audit/dmesg)
>>>
>>
>> Is it easy for you to get the headers that cause Sendmail to say "no
>> recipients found in headers"? And compare with the headers generated by the
>> successful mail.
>> It might help tell if it's a bug or working as designed ;-) or maybe a
>> mailx issue not sendmail.
>>
>>> A quick ltrace says
>>> ```
>>>  1qXia0-000BPb-0a Failed to create spool file
>>> /var/spool/exim4//input//1qXia0-000BPb-0a-D: Permission denied
>>> ```
>>>
>>> However there are no avc: messages for me to allow this through in my
>>> selinux module
>>> I even tried
>>>
>>> ```
>>> allow unconfined_t exim_spool_t:file { open read write create };
>>> allow unconfined_t exim_spool_t:dir { open read write };
>>> ```
>>>
>>> since /var/spool/exim4/input has exim_spool_dir set in it
>>>
>>> I can't find any booleans either ..
>>>
>>> Please could someone tell me how to get this to work? Has anyone got
>>> mailx working with selinux on their system?
>>>
>>>
>>>


Re: mailx and selinux not co-operating

2023-08-20 Thread Bhasker C V
Thanks Nicholas
However, it doesn't, to my knowledge, look like an issue with mailx or
sendmail (I use exim4).
The reason I arrive at that is because the whole thing works the moment I
disable selinux.

What I wonder is why selinux is not complaining about the failure? No logs
whatsoever ...

On Mon, Aug 21, 2023 at 12:58 AM Nicholas Geovanis 
wrote:

> On Sun, Aug 20, 2023, 9:20 AM Bhasker C V wrote:
>
>> Finally I switched on the enforcing mode on my linux system
>> Pretty much everything is working except
>>
>> ```
>> $ echo hello | mail -s test x...@yyy.xyz
>> 2023-08-20 14:39:30 1qXieQ-000Bpa-1P 1qXieQ-000Bpa-1P no recipients found
>> in headers
>> Can't send mail: sendmail process failed with error code 1
>> ```
>> However, the same works fine when I put selinux in permissive state (no
>> warnings shown in audit/dmesg)
>>
>
> Is it easy for you to get the headers that cause Sendmail to say "no
> recipients found in headers"? And compare with the headers generated by the
> successful mail.
> It might help tell if it's a bug or working as designed ;-) or maybe a
> mailx issue not sendmail.
>
>> A quick ltrace says
>> ```
>>  1qXia0-000BPb-0a Failed to create spool file
>> /var/spool/exim4//input//1qXia0-000BPb-0a-D: Permission denied
>> ```
>>
>> However there are no avc: messages for me to allow this through in my
>> selinux module
>> I even tried
>>
>> ```
>> allow unconfined_t exim_spool_t:file { open read write create };
>> allow unconfined_t exim_spool_t:dir { open read write };
>> ```
>>
>> since /var/spool/exim4/input has exim_spool_dir set in it
>>
>> I can't find any booleans either ..
>>
>> Please could someone tell me how to get this to work? Has anyone got
>> mailx working with selinux on their system?
>>
>>
>>


Re: mailx and selinux not co-operating

2023-08-20 Thread Nicholas Geovanis
On Sun, Aug 20, 2023, 9:20 AM Bhasker C V wrote:

> Finally I switched on the enforcing mode on my linux system
> Pretty much everything is working except
>
> ```
> $ echo hello | mail -s test x...@yyy.xyz
> 2023-08-20 14:39:30 1qXieQ-000Bpa-1P 1qXieQ-000Bpa-1P no recipients found
> in headers
> Can't send mail: sendmail process failed with error code 1
> ```
> However, the same works fine when I put selinux in permissive state (no
> warnings shown in audit/dmesg)
>

Is it easy for you to get the headers that cause Sendmail to say "no
recipients found in headers"? And compare with the headers generated by the
successful mail.
It might help tell if it's a bug or working as designed ;-) or maybe a
mailx issue not sendmail.

> A quick ltrace says
> ```
>  1qXia0-000BPb-0a Failed to create spool file
> /var/spool/exim4//input//1qXia0-000BPb-0a-D: Permission denied
> ```
>
> However there are no avc: messages for me to allow this through in my
> selinux module
> I even tried
>
> ```
> allow unconfined_t exim_spool_t:file { open read write create };
> allow unconfined_t exim_spool_t:dir { open read write };
> ```
>
> since /var/spool/exim4/input has exim_spool_dir set in it
>
> I can't find any booleans either ..
>
> Please could someone tell me how to get this to work? Has anyone got
> mailx working with selinux on their system?
>
>
>
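
An added example, not part of any message in this thread: a small checker that parses the two allow rules quoted above and reports which permissions are still missing for creating a file inside a directory. It assumes the source domain and target type are the ones named in those rules (unconfined_t, exim_spool_t); the domain exim actually runs in on a given system may differ, and the function names are hypothetical.

```python
import re

# Constructed input: the two rules as quoted in the thread.
RULES = """
allow unconfined_t exim_spool_t:file { open read write create };
allow unconfined_t exim_spool_t:dir { open read write };
"""

# Permissions SELinux checks when a process creates and then writes a new
# file inside a directory (object class -> permissions).
CREATE_FILE_NEEDS = {
    "dir": {"search", "write", "add_name"},
    "file": {"create", "open", "write"},
}

# Matches "allow SRC TGT:CLASS { perm ... };" and "allow SRC TGT:CLASS perm;"
ALLOW_RE = re.compile(
    r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;"
)

def parse_allow_rules(text):
    """Return {(source, target, class): set_of_perms} from policy text."""
    granted = {}
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        names = perms.strip("{}").split()
        granted.setdefault((src, tgt, cls), set()).update(names)
    return granted

def missing_for_create(text, source, target):
    """Return {class: sorted missing perms} for creating a file in a dir."""
    granted = parse_allow_rules(text)
    missing = {}
    for cls, needed in CREATE_FILE_NEEDS.items():
        lacking = needed - granted.get((source, target, cls), set())
        if lacking:
            missing[cls] = sorted(lacking)
    return missing

if __name__ == "__main__":
    gaps = missing_for_create(RULES, "unconfined_t", "exim_spool_t")
    for cls, perms in gaps.items():
        print(f"{cls}: missing {' '.join(perms)}")
```

When no avc: line is logged at all, dontaudit rules may be suppressing it; `semodule -DB` rebuilds the policy with dontaudit rules disabled and `semodule -B` restores them.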