LinuxQuestions.org

marozsas 05-12-2006 06:57 AM

fetchmail is blocked by SELinux
 
Hi fellows,

I am having a problem with fetchmail not working at boot time. I figured out the problem is related to SELinux.

The facts:

I created a "/etc/fetchmailrc" file and put "/usr/bin/fetchmail -f /etc/fetchmailrc" at the end of "/etc/rc.local" in FC5. After the computer finishes booting, I can see fetchmail is running, but there are no messages in "/var/log/fetchmail.log" as expected. No avc error messages in /var/log/messages, either.

Code:

bash-3.1$ ls -l /var/log/fetchmail.log
-rw-r--r-- 1 root root 0 May 10 04:56 /var/log/fetchmail.log
bash-3.1$ ps -ef | grep -i fetch
root      2058    1  0 04:56 ?        00:00:00 /usr/bin/fetchmail -f /etc/fetchmailrc
miguel    3983  3967  0 08:01 pts/1    00:00:00 grep -i fetch
bash-3.1$ ls -lZ /var/log/fetchmail.log /usr/bin/fetchmail
-rwxr-xr-x  root    root    system_u:object_r:fetchmail_exec_t /usr/bin/fetchmail
-rw-r--r--  root    root    system_u:object_r:var_log_t      /var/log/fetchmail.log
bash-3.1$ ps -efZ | grep -i fetch
system_u:system_r:fetchmail_t  root      2058    1  0 04:56 ?        00:00:00 /usr/bin/fetchmail -f /etc/fetchmailrc
user_u:system_r:unconfined_t    miguel    3988  3967  0 08:03 pts/1    00:00:00 grep -i fetch
bash-3.1$

When, as root, I kill the fetchmail process, the following message is displayed in /var/log/messages, only after fetchmail is killed, not before:

Code:

May 10 08:04:00 gold kernel: audit(1147259040.523:514): avc:  denied  { write } for  pid=2058 comm="fetchmail" name="[12088]" dev=pipefs ino=12088 scontext=system_u:system_r:fetchmail_t:s0 tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file

Now, as root, if I start fetchmail in a terminal, it works! All e-mail messages are downloaded from the several POP/IMAP servers listed in /etc/fetchmailrc and delivered to the users. The log file now has all details of the downloaded messages.

Code:

[root@gold ~]# fetchmail -f /etc/fetchmailrc
fetchmail: WARNING: Running as root is discouraged.
[root@gold ~]# ps -efZ | grep fetchmail | grep -v grep
user_u:system_r:unconfined_t    root      4037    1  0 08:04 ?        00:00:00 fetchmail -f /etc/fetchmailrc
[root@gold ~]# ls -lZ /var/log/fetchmail.log
-rw-r--r--  root    root    system_u:object_r:var_log_t      /var/log/fetchmail.log
[root@gold ~]# ls -l /var/log/fetchmail.log
-rw-r--r-- 1 root root 2900 May 10 08:04 /var/log/fetchmail.log
[root@gold ~]#

So, the question is: How to start fetchmail at boot time with the same privileges as root in a terminal?

I read the SELinux FAQ but I can't find a way to solve this. fetchmail is not listed as a service in system-config-security tool, so I am lost.

Any ideas and comments will be welcome!

thanks,
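
Added example, not part of the original post: a small Python parser for the AVC denial quoted above, which renders it as a type-enforcement rule in the style audit2allow uses and checks the two `ps -efZ` labels to show why the boot-started process (fetchmail_t) is restricted while the terminal-started one (unconfined_t) is not. The function names are hypothetical, and the code assumes the targeted policy, where unconfined_t is the unrestricted domain.

```python
import re

# Denial line copied from the post above.
AVC_LINE = ('May 10 08:04:00 gold kernel: audit(1147259040.523:514): avc:  denied  { write } '
            'for  pid=2058 comm="fetchmail" name="[12088]" dev=pipefs ino=12088 '
            'scontext=system_u:system_r:fetchmail_t:s0 '
            'tcontext=system_u:system_r:fetchmail_t:s0 tclass=fifo_file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')

def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs; values may be quoted (comm="fetchmail")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('fields'))
    fields = {k: v.strip('"') for k, v in pairs}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    fields['perms'] = m.group('perms').split()
    return fields

def context_type(context):
    """user:role:type[:level] -> type, the field type enforcement decides on."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError(f'not an SELinux context: {context!r}')
    return parts[2]

def to_allow_rule(avc):
    """Render the denial as a TE rule; source == target is written as 'self'."""
    src = context_type(avc['scontext'])
    tgt = context_type(avc['tcontext'])
    tgt = 'self' if tgt == src else tgt
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {src} {tgt}:{avc['tclass']} {perm_text};"

def is_confined(context):
    """Assumption: targeted policy, where only unconfined_t is left unrestricted."""
    return context_type(context) != 'unconfined_t'

if __name__ == '__main__':
    print(to_allow_rule(parse_avc(AVC_LINE)))
    # Labels from the two `ps -efZ` outputs in the post (boot vs. terminal).
    for label in ('system_u:system_r:fetchmail_t', 'user_u:system_r:unconfined_t'):
        print(label, '->', 'confined' if is_confined(label) else 'unconfined')
```

The rule it prints is a reading aid for the denial; whether to load such a rule into a local policy module is a separate decision.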

billymayday 05-13-2006 05:16 PM

I start fetchmail from cron with an

@reboot fetchmail -d 600

statement

.fetchmailrc sits in /root

Works fine under SELinux, but perhaps not the ideal method

mcc28 05-14-2006 07:20 AM

you may have the same problem as me...

run:

service fetchmail status

if it says locked & dead

run

service fetchmail cleanup

then

service fetchmail start

(all above as root)

The problem is SELinux but as yet I don't know how to solve it. I have posted a similar message in FedoraForum-->Security

Mark

marozsas 05-15-2006 07:21 AM

partially solved
 
Quote:

Originally Posted by billymayday
I start fetchmail from cron with an

@reboot fetchmail -d 600

statement

.fetchmailrc sits in /root

Works fine under SELinux, but perhaps not the ideal method

Yeah, this works for me too. Thanks for the hint.

This is not the ideal method but it is better than nothing. At least it works!

Code:

@reboot fetchmail -f /etc/fetchmailrc

billymayday 05-16-2006 04:07 AM

Nice to get some completed feedback. Thanks


All times are GMT -5.