Bug 556666

Summary: SELinux is preventing postfix from functioning correctly
Product: Red Hat Enterprise Linux 5 Reporter: Dimi Paun <dimi>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: low    
Version: 5.4CC: mmalik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-19 13:11:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dimi Paun 2010-01-19 01:21:23 UTC 
Description of problem:
When a server side process is trying to send an email (such as the cvs server, logwatch, etc), that fails with the following error:

sendmail: warning: premature end-of-input on /usr/sbin/postdrop -r while reading input attribute name
sendmail: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Success

Please note that there are no errors/avc messages logged anywhere when that happens! However, "setenforce 0" fixes the problem.

This used to work just fine until Jan 12, when I did a system update and rebooted the box. The following packages where updated at that time:

Jan 12 13:03:38 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch
Jan 12 13:03:40 Updated: perl-Archive-Tar-1.54-1.el5.rf.noarch
Jan 12 13:03:42 Updated: perl-Archive-Zip-1.30-1.el5.rf.noarch
Jan 12 13:04:08 Updated: selinux-policy-targeted-2.4.6-255.el5_4.3.noarch
Jan 12 13:04:51 Installed: kernel-2.6.18-164.10.1.el5.i686
Jan 12 13:05:01 Updated: kernel-headers-2.6.18-164.10.1.el5.i386
Jan 12 13:05:14 Updated: tzdata-2009u-1.el5.noarch
Jan 12 13:05:43 Installed: kernel-PAE-2.6.18-164.10.1.el5.i686
Jan 12 13:05:58 Updated: ruby-libs-1.8.5-5.el5_4.8.i386
Jan 12 13:06:02 Updated: ruby-1.8.5-5.el5_4.8.i386
Jan 12 13:06:06 Updated: xorg-x11-server-Xorg-1.1.1-48.67.el5_4.1.i386
Jan 12 13:06:09 Updated: perl-BerkeleyDB-0.40-1.el5.rf.i386
Jan 12 13:06:10 Installed: libdbi-0.8.1-2.1.i386
Jan 12 13:06:19 Updated: mysql-5.0.77-4.el5_4.1.i386
Jan 12 13:06:20 Updated: acpid-1.0.4-9.el5_4.2.i386
Jan 12 13:06:23 Updated: 4:vixie-cron-4.1-77.el5_4.1.i386
Jan 12 13:06:24 Updated: perl-Digest-SHA-5.48-1.el5.rf.i386
Jan 12 13:06:26 Updated: dbus-libs-1.1.2-12.el5_4.1.i386
Jan 12 13:06:28 Updated: rrdtool-1.4.2-1.el5.rf.i386
Jan 12 13:06:30 Updated: perl-rrdtool-1.4.2-1.el5.rf.i386
Jan 12 13:06:32 Updated: dbus-1.1.2-12.el5_4.1.i386

It would appear that version 2.4.6 of selinux-policy causes this problem.
Comment 1 Daniel Walsh 2010-01-19 13:11:21 UTC 
I believe you are having the same problem as 553492,  Please reopen if this is not the case.

You can try the selinux policy package on 

http://people.redhat.com/dwalsh/SELinux/RHEL5

Which should fix your problem.

*** This bug has been marked as a duplicate of bug 553492 ***
Comment 2 Dimi Paun 2010-01-19 14:55:09 UTC 
Yes, that seems to be the problem.