Radu Radutiu
2021-Apr-01 11:43 UTC
[CentOS] SELINUX blocks procmail from executing perl script without logging
Hi, I'm upgrading our request tracker from Centos 7 to 8 and found some unexpected SELINUX issues with procmail. Even after I create a policy which allows all denied operations, procmail is still not allowed to run a perl script (in my case rt-mailgate). I get the following error in the procmail log: "Can't open perl script "/opt/rt5/bin/rt-mailgate": Permission denied" but I have no denied audit entry in /var/log/audit/audit.log. If I set selinux to permissive, everything works fine. Any idea how to debug this? Best regards, Radu
Strahil Nikolov
2021-Apr-03 15:55 UTC
[CentOS] SELINUX blocks procmail from executing perl script without logging
Have you checked with 'semodule -DB' ? Source:?Chapter 5. Troubleshooting problems related to SELinux Red Hat Enterprise Linux 8 | Red Hat Customer Portal | | | | | | | | | | | Chapter 5. Troubleshooting problems related to SELinux Red Hat Enterprise Linux 8 | Red Hat Customer Portal The Red Hat Customer Portal delivers the knowledge, expertise, and guidance available through your Red Hat subscription. | | | | Best Regards,Strahil Nikolov On Thu, Apr 1, 2021 at 14:43, Radu Radutiu<rradutiu at gmail.com> wrote: Hi, I'm upgrading our request tracker from Centos 7 to 8 and found some unexpected SELINUX issues with procmail. Even after I create a policy which allows all denied operations, procmail is still not allowed to run a perl script (in my case rt-mailgate). I get the following error in the procmail log: "Can't open perl script "/opt/rt5/bin/rt-mailgate": Permission denied" but I have no denied audit entry in /var/log/audit/audit.log. If I set selinux to permissive, everything works fine. Any idea how to debug this? Best regards, Radu _______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos