Bug 2128903

Summary: sendmail hiccups in a startup sequence
Product: Red Hat Enterprise Linux 9 Reporter: Eric Eisenhart <eric.eisenhart>
Component: sendmailAssignee: Jaroslav Škarvada <jskarvad>
Status: NEW --- QA Contact: František Hrdina <fhrdina>
Severity: high Docs Contact:
Priority: unspecified    
Version: 9.0CC: eric.eisenhart, fhrdina, jwadodson, redhat-bugzilla
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eric Eisenhart 2022-09-21 21:52:04 UTC 
Description of problem:
When rebooted, sendmail service fails to startup. Starting the service manually after boot works fine. 

When it fails at boot, these errors show up in logs:

sendmail.service: Can't open PID file /run/sendmail.pid (yet?) after start: Operation not permitted

sm-client.service: Failed to parse PID from file /run/sm-client.pid: Invalid argument

Version-Release number of selected component (if applicable):
sendmail-8.16.1-10.el9.x86_64


Steps to Reproduce:
1. Remove postfix
2. Install sendmail (we actually do this with "-postfix" and "sendmail" in kickstart)
3. Enable sendmail and sm-client services (systemctl --enable sendmail.service sm-client.service)
4. Reboot

Actual results:
Sendmail fails to start. Sometimes with 2 start attempts (I think NetworkManager dispatch). Always with the above errors about pid files.

Expected results:
Sendmail 

Additional info:
I'm able to work around this with the following in a /etc/systemd/system/sendmail.service.d/override.conf file:

[Unit]
After=network-online.target

[Service]
Restart=on-failure
RestartSec=5s
ExecStartPost=/bin/sleep 1


(ExecStartPost to sleep a second seems to be the key item, but I included the others to make sure it's after the NetworkManager stuff and restarts on failures)
Comment 1 John Dodson 2022-09-29 05:28:02 UTC 
My bug report https://bugzilla.redhat.com/show_bug.cgi?id=1931693
refers only the error in FC35 it does not seem to affect the
starting of sendmail there.

It seems to be the second line in the /run/sm-client.pid file that
triggers that error.
Comment 2 John Dodson 2023-06-29 08:30:13 UTC 
sendmail now does fail totally on FC38 but the problem appears to be selinux context problems...

type=AVC msg=audit(28/06/23 03:12:33.355:11025) : avc:  denied  { create } for  pid=1154445 comm=sendmail name=sendmail.pid scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:sendmail_var_run_t:s0 tclass=file permissive=0 
type=AVC msg=audit(29/06/23 03:24:25.076:11481) : avc:  denied  { create } for  pid=1386699 comm=sendmail name=sendmail.pid scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:sendmail_var_run_t:s0 tclass=file permissive=0 
type=AVC msg=audit(29/06/23 07:59:15.562:11553) : avc:  denied  { create } for  pid=1459730 comm=sendmail name=sendmail.pid scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:sendmail_var_run_t:s0 tclass=file permissive=0