Old 05-12-2006, 06:57 AM   #1
marozsas
fetchmail is blocked by SELinux


Hi fellows,

I am having a problem with fetchmail not working at boot time. I figured out the problem is related to SELinux.

The facts:

I created a "/etc/fetchmailrc" file and put "/usr/bin/fetchmail -f /etc/fetchmailrc" at the end of "/etc/rc.local" in FC5. After the computer finishes booting, I can see fetchmail is running, but there are no messages in "/var/log/fetchmail.log" as expected. No avc error messages in /var/log/messages, either.

Code:
bash-3.1$ ls -l /var/log/fetchmail.log
-rw-r--r-- 1 root root 0 May 10 04:56 /var/log/fetchmail.log
bash-3.1$ ps -ef | grep -i fetch
root      2058     1  0 04:56 ?        00:00:00 /usr/bin/fetchmail -f /etc/fetchmailrc
miguel    3983  3967  0 08:01 pts/1    00:00:00 grep -i fetch
bash-3.1$ ls -lZ /var/log/fetchmail.log /usr/bin/fetchmail
-rwxr-xr-x  root     root     system_u:object_r:fetchmail_exec_t /usr/bin/fetchmail
-rw-r--r--  root     root     system_u:object_r:var_log_t      /var/log/fetchmail.log
bash-3.1$ ps -efZ | grep -i fetch
system_u:system_r:fetchmail_t   root      2058     1  0 04:56 ?        00:00:00 /usr/bin/fetchmail -f /etc/fetchmailrc
user_u:system_r:unconfined_t    miguel    3988  3967  0 08:03 pts/1    00:00:00 grep -i fetch
bash-3.1$

When, as root, I kill the fetchmail process, the following message is displayed in /var/log/messages, only after fetchmail is killed, not before:

Code:
May 10 08:04:00 gold kernel: audit(1147259040.523:514): avc:  denied  { write } for  pid=2058 comm="fetchmail" name="[12088]" dev=pipefs ino=12088 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file

Now, as root, if I start fetchmail in a terminal, it works! All e-mail messages are downloaded from the several POP/IMAP servers listed in /etc/fetchmailrc and delivered to the users. The log file now has all details of the downloaded messages.

Code:
[root@gold ~]# fetchmail -f /etc/fetchmailrc
fetchmail: WARNING: Running as root is discouraged.
[root@gold ~]# ps -efZ | grep fetchmail | grep -v grep
user_u:system_r:unconfined_t    root      4037     1  0 08:04 ?        00:00:00 fetchmail -f /etc/fetchmailrc
[root@gold ~]# ls -lZ /var/log/fetchmail.log
-rw-r--r--  root     root     system_u:object_r:var_log_t      /var/log/fetchmail.log
[root@gold ~]# ls -l /var/log/fetchmail.log
-rw-r--r-- 1 root root 2900 May 10 08:04 /var/log/fetchmail.log
[root@gold ~]#

So, the question is: How do I start fetchmail at boot time with the same privileges as root in a terminal?

I read the SELinux FAQ but I can't find a way to solve this. fetchmail is not listed as a service in the system-config-security tool, so I am lost.

Any ideas and comments will be welcome!

thanks,
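
Added example, not part of the original post: a small Python parser for the AVC denial and the two `ps -efZ` rows quoted above, showing that the denial belongs to the boot-time process confined in `fetchmail_t`, while the terminal-started one runs as `unconfined_t`. The function names are hypothetical; the sample lines are copied from the post.

```python
import re

# Lines copied from the first post: the AVC denial and the two `ps -efZ` rows.
AVC = ('May 10 08:04:00 gold kernel: audit(1147259040.523:514): avc:  denied  '
       '{ write } for  pid=2058 comm="fetchmail" name="[12088]" dev=pipefs '
       'ino=12088 scontext=system_u:system_r:fetchmail_t:s0 '
       'tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file')
PS_BOOT = ('system_u:system_r:fetchmail_t   root      2058     1  0 04:56 ?'
           '        00:00:00 /usr/bin/fetchmail -f /etc/fetchmailrc')
PS_TERM = ('user_u:system_r:unconfined_t    root      4037     1  0 08:04 ?'
           '        00:00:00 fetchmail -f /etc/fetchmailrc')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # value may be quoted

def parse_context(ctx):
    """Split user:role:type[:level]; the MLS level is optional."""
    user, role, type_, *level = ctx.split(':')
    return {'user': user, 'role': role, 'type': type_,
            'level': ':'.join(level) or None}

def parse_avc(line):
    """Return the fields of a kernel AVC message, or None if not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    return {'result': m.group(1), 'perms': m.group(2).split(),
            'pid': int(kv['pid']), 'comm': kv.get('comm'),
            'dev': kv.get('dev'), 'tclass': kv['tclass'],
            'source': parse_context(kv['scontext']),
            'target': parse_context(kv['tcontext'])}

def domains_by_pid(ps_lines):
    """Map pid -> SELinux type from `ps -efZ` rows (context, user, pid, ...)."""
    rows = (line.split() for line in ps_lines)
    return {int(c[2]): parse_context(c[0])['type'] for c in rows}

def correlate(avc_line, ps_lines):
    """Tie a denial to the process that triggered it and list unconfined pids."""
    avc, doms = parse_avc(avc_line), domains_by_pid(ps_lines)
    return {'rule': (avc['source']['type'], avc['target']['type'],
                     avc['tclass'], avc['perms']),
            'denied_pid_domain': doms.get(avc['pid']),
            'unconfined_pids': sorted(p for p, d in doms.items()
                                      if d == 'unconfined_t')}

if __name__ == '__main__':
    print(correlate(AVC, [PS_BOOT, PS_TERM]))
```

The `rule` tuple is the (source type, target type, class, permissions) combination that the policy refused for the confined process.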
 
Old 05-13-2006, 05:16 PM   #2
billymayday
I start fetchmail from cron with an

@reboot fetchmail -d 600

statement

.fetchmailrc sits in /root

Works fine under SELinux, but perhaps not the ideal method
 
Old 05-14-2006, 07:20 AM   #3
mcc28
You may have the same problem as me...

run:

service fetchmail status

if it says locked & dead

run

service fetchmail cleanup

then

service fetchmail start

(all above as root)

The problem is SELinux but as yet I don't know how to solve it. I have posted a similar message in FedoraForum-->Security

Mark

Last edited by mcc28; 05-14-2006 at 10:35 AM.
 
Old 05-15-2006, 07:21 AM   #4
marozsas
partially solved

Quote:
Originally Posted by billymayday
I start fetchmail from cron with an

@reboot fetchmail -d 600

statement

.fetchmailrc sits in /root

Works fine under SELinux, but perhaps not the ideal method

Yeah, this works for me too. Thanks for the hint.

This is not the ideal method but it is better than nothing. At least it works!

Code:
@reboot fetchmail -f /etc/fetchmailrc
 
Old 05-16-2006, 04:07 AM   #5
billymayday
Nice to get some completed feedback. Thanks
 