Description of problem:
I have an NFS-mounted /home. When I use fetchmail to retrieve my mail, procmail cannot process it because SELinux's targeted policy does not grant the appropriate operations. The context of objects in /home is system_u:object_r:nfs_t:s0.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.3.18-10

How reproducible:
Every time

Steps to Reproduce:
1. Set SELinux to enforce the targeted policy
2. NFS mount /home
3. Fetch mail and try to process using procmail

Actual results:
Mail is not processed by procmail. See attached log.

Expected results:

Additional info:
My .procmailrc includes /etc/mail/spamassassin/spamassassin-default.rc.
Created attachment 139687: Log of procmail running with SELinux in permissive mode
fixed in selinux-policy-2.4.2-2
Confirmed fixed. Thank you.
I'm still getting what appears to be that same problem in F9. The following additions seem to fix it:

    allow procmail_t nfs_t:file { execute execute_no_trans };

I would reopen this bug, but apparently I don't have permissions to do so...
You could open a new bug. What is procmail attempting to execute in the home directory? You can add this rule using:

    grep procmail /var/log/audit/audit.log | audit2allow -M myprocmail
    semodule -i myprocmail.pp
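
An added example, not part of the original bug thread: before loading a module built by audit2allow, it helps to see which object each denial refers to, which is the question asked in the last comment. The sketch below summarizes AVC denials for one source domain; the function names, the file name filter.sh and all log records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample AVC records (not taken from the attached log).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1214000001.101:201): avc:  denied  { execute } for  pid=2101 comm="procmail" name="filter.sh" dev=0:18 ino=4711 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1214000001.102:202): avc:  denied  { execute_no_trans } for  pid=2101 comm="procmail" name="filter.sh" dev=0:18 ino=4711 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1214000002.101:203): avc:  denied  { execute } for  pid=2140 comm="procmail" name="filter.sh" dev=0:18 ino=4711 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1214000003.101:204): avc:  denied  { read } for  pid=2200 comm="httpd" name="index.html" dev=0:18 ino=4800 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
EOF
}

# Read audit log text on stdin and print, for the source type given as $1,
# one line per distinct (target type, class, permissions, object name)
# with the number of denials. Object names containing spaces are not handled.
summarize_avc() {
    awk -v dom="$1" '
    /avc:/ && /denied/ {
        perms = ""; name = "?"; s = ""; t = ""; c = ""; inbrace = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace) { perms = perms (perms == "" ? "" : ",") $i; continue }
            if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), b, ":"); t = b[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        # Keep only denials whose source domain matches the one requested.
        if (s == dom) count[t ":" c " {" perms "} name=" name]++
    }
    END { for (k in count) print count[k], k }
    ' | sort
}

# On a real system, feed /var/log/audit/audit.log instead of sample_log.
sample_log | summarize_avc procmail_t
```

If the summary shows procmail executing files from nfs_t that you did not expect, resolve that before installing a rule that permits it.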