Strahil Nikolov
2021-Apr-03 15:55 UTC
[CentOS] SELINUX blocks procmail from executing perl script without logging
Have you checked with 'semodule -DB' ? Source:?Chapter 5. Troubleshooting problems related to SELinux Red Hat Enterprise Linux 8 | Red Hat Customer Portal | | | | | | | | | | | Chapter 5. Troubleshooting problems related to SELinux Red Hat Enterprise Linux 8 | Red Hat Customer Portal The Red Hat Customer Portal delivers the knowledge, expertise, and guidance available through your Red Hat subscription. | | | | Best Regards,Strahil Nikolov On Thu, Apr 1, 2021 at 14:43, Radu Radutiu<rradutiu at gmail.com> wrote: Hi, I'm upgrading our request tracker from Centos 7 to 8 and found some unexpected SELINUX issues with procmail. Even after I create a policy which allows all denied operations, procmail is still not allowed to run a perl script (in my case rt-mailgate). I get the following error in the procmail log: "Can't open perl script "/opt/rt5/bin/rt-mailgate": Permission denied" but I have no denied audit entry in /var/log/audit/audit.log. If I set selinux to permissive, everything works fine. Any idea how to debug this? Best regards, Radu _______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos
Hello, is there an archive where ISOs of older versions of Centos are kept? thanks, Ron On 4/3/21 9:55 AM, Strahil Nikolov via CentOS wrote:> Have you checked with 'semodule -DB' ? > Source:?Chapter 5. Troubleshooting problems related to SELinux Red Hat Enterprise Linux 8 | Red Hat Customer Portal > | > | > | > | | | > > | > > | > | > | | > Chapter 5. Troubleshooting problems related to SELinux Red Hat Enterprise Linux 8 | Red Hat Customer Portal > > The Red Hat Customer Portal delivers the knowledge, expertise, and guidance available through your Red Hat subscription. > | | > > | > > | > > > > Best Regards,Strahil Nikolov > > On Thu, Apr 1, 2021 at 14:43, Radu Radutiu<rradutiu at gmail.com> wrote: Hi, > > I'm upgrading our request tracker from Centos 7 to 8 and found some > unexpected SELINUX issues with procmail. Even after I create a policy which > allows all denied operations, procmail is still not allowed to run a perl > script (in my case rt-mailgate). I get the following error in the procmail > log: "Can't open perl script "/opt/rt5/bin/rt-mailgate": Permission denied" > but I have no denied audit entry in /var/log/audit/audit.log. > If I set selinux to permissive, everything works fine. Any idea how to > debug this? > > Best regards, > Radu > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos