From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
I use fetchmail to download mail from servers and deliver using sendmail with procmail recipes to distribute mail into various pine files/directories. While delivering mail, procmail generates selinux denied messages. I am running selinux in permissive mode.

Version-Release number of selected component (if applicable):
procmail-3.22-13

How reproducible:
Sometimes

Steps to Reproduce:
1. fetchmail queries mail server and hands mail to sendmail
2. sendmail invokes procmail to deliver messages
3. selinux generates errors

Actual Results:
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { search } for pid=5004 exe=/usr/bin/procmail name=mqueue dev=hda1 ino=819317 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { write } for pid=5004 exe=/usr/bin/procmail name=mqueue dev=hda1 ino=819317 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { add_name } for pid=5004 exe=/usr/bin/procmail name=_MOB.i8leAB.dad scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { create } for pid=5004 exe=/usr/bin/procmail name=_MOB.i8leAB.dad scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { write } for pid=5004 exe=/usr/bin/procmail path=/var/spool/mqueue/_MOB.i8leAB.dad dev=hda1 ino=825143 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { getattr } for pid=5004 exe=/usr/bin/procmail path=/var/spool/mqueue/_MOB.i8leAB.dad dev=hda1 ino=825143 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { link } for pid=5004 exe=/usr/bin/procmail name=_MOB.i8leAB.dad dev=hda1 ino=825143 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { remove_name } for pid=5004 exe=/usr/bin/procmail name=_MOB.i8leAB.dad dev=hda1 ino=825143 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { unlink } for pid=5004 exe=/usr/bin/procmail name=_MOB.i8leAB.dad dev=hda1 ino=825143 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 12 05:19:30 dad kernel: audit(1081761570.200:0): avc: denied { read } for pid=5005 exe=/usr/bin/formail name=msgid.cache dev=hda1 ino=825130 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file

Additional info:
The selinux messages above are not always the same sequence, but they are usually similar. The sequence is always a series of procmail errors ending with a formail error. I am unable to correlate the errors to a particular destination or originator. All destinations have the same user:group and have the same permissions.
The system is accessing /var/spool/mqueue because of the following procmail recipe. It is given as an example in one or more procmail manpages:

:0 Wh: msgid.lock
| formail -D 262144 msgid.cache
Why? Could you attach your .procmailrc, please?
Created attachment 99357
My procmailrc file
You use absolute paths everywhere except the first rule. ;-) Either set MAILDIR to something reasonable or replace "msgid.cache" by "$HOME/.msgid.cache" say or something similar.
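
Grouping the reported denials by source type, target type and object class shows that every one of them targets the sendmail queue directory, which is what a relative msgid.cache path resolved from sendmail's working directory would produce. The following Python sketch is an added example, not part of the original thread; its function names are hypothetical and the sample input is three of the denial lines copied from the report.

```python
import re
from collections import defaultdict

# Three denial lines copied from the report above (the others have the same shape).
SAMPLE = """\
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { add_name } for pid=5004 exe=/usr/bin/procmail name=_MOB.i8leAB.dad scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 12 05:19:30 dad kernel: audit(1081761570.198:0): avc: denied { write } for pid=5004 exe=/usr/bin/procmail path=/var/spool/mqueue/_MOB.i8leAB.dad dev=hda1 ino=825143 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 12 05:19:30 dad kernel: audit(1081761570.200:0): avc: denied { read } for pid=5005 exe=/usr/bin/formail name=msgid.cache dev=hda1 ino=825130 scontext=system_u:system_r:procmail_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group(1).split()}
    for field in m.group(2).split():
        key, sep, value = field.partition("=")
        if sep:
            rec[key] = value
    return rec

def context_type(ctx):
    """Extract the type (third field) from a user:role:type[:level] context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def summarize(text):
    """Group denied permissions by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "exes": set(), "objects": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or "scontext" not in rec or "tcontext" not in rec:
            continue  # skip non-AVC or truncated lines
        key = (context_type(rec["scontext"]), context_type(rec["tcontext"]), rec.get("tclass", "?"))
        g = groups[key]
        g["perms"].update(rec["perms"])
        g["exes"].add(rec.get("exe", "?"))
        g["objects"].add(rec.get("path") or rec.get("name", "?"))
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }}")
        print(f"    exe: {', '.join(sorted(g['exes']))}; objects: {', '.join(sorted(g['objects']))}")
```

Run over the full log, the summary makes it easy to confirm after the MAILDIR or $HOME change that no procmail_t access to mqueue_spool_t remains.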