SELINUX Blocks Procmail From Executing Perl Script Without Logging
Hi,
I’m upgrading our request tracker from CentOS 7 to 8 and found some unexpected SELINUX issues with procmail. Even after I create a policy which allows all denied operations, procmail is still not allowed to run a perl script (in my case rt-mailgate). I get the following error in the procmail log: “Can’t open perl script “/opt/rt5/bin/rt-mailgate”: Permission denied”
but I have no denied audit entry in /var/log/audit/audit.log. If I set selinux to permissive, everything works fine. Any idea how to debug this?
Best regards, Radu
One thought on - SELINUX Blocks Procmail From Executing Perl Script Without Logging
Have you checked with ‘semodule -DB’?
Source: Chapter 5. Troubleshooting problems related to SELinux Red Hat Enterprise Linux 8 | Red Hat Customer Portal
Best Regards, Strahil Nikolov
On Thu, Apr 1, 2021 at 14:43, Radu Radutiu wrote:
Hi,
I’m upgrading our request tracker from CentOS 7 to 8 and found some unexpected SELINUX issues with procmail. Even after I create a policy which allows all denied operations, procmail is still not allowed to run a perl script (in my case rt-mailgate). I get the following error in the procmail log: “Can’t open perl script “/opt/rt5/bin/rt-mailgate”: Permission denied”
but I have no denied audit entry in /var/log/audit/audit.log. If I set selinux to permissive, everything works fine. Any idea how to debug this?
Best regards, Radu
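The workflow behind the `semodule -DB` suggestion, as an added example that is not part of the thread: denials matched by `dontaudit` rules are never written to audit.log, so the policy is rebuilt with those rules disabled, the failure is reproduced, and the denials that now appear are summarized. The function names, the sample audit records and the type `example_file_t` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_AVC is constructed;
# example_file_t is a placeholder, not the label on the poster's system.
SAMPLE_AVC='type=AVC msg=audit(1617277380.101:501): avc:  denied  { read open } for  pid=2101 comm="perl" path="/opt/rt5/bin/rt-mailgate" dev="dm-0" ino=1001 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1617277380.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="perl"
type=AVC msg=audit(1617277395.442:517): avc:  denied  { read open } for  pid=2140 comm="perl" path="/opt/rt5/bin/rt-mailgate" dev="dm-0" ino=1001 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=file permissive=0'

# Read raw audit records on stdin and print one line per distinct denial:
#   source_type target_type class permissions
summarize_avc() {
  awk '/avc: +denied/ {
    perms = $0
    sub(/.*\{ */, "", perms)       # drop everything up to the opening brace
    sub(/ *\}.*/, "", perms)       # drop the closing brace and the rest
    src = ""; tgt = ""; cls = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
      if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
      if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
    }
    print src, tgt, cls, perms
  }' | sort -u
}

# Run as root on the affected host. Not called automatically.
capture_hidden_denials() {
  semodule -DB || return 1         # rebuild policy with dontaudit rules disabled
  printf 'Reproduce the failing delivery, then press Enter: '
  read -r _
  # Raw (uninterpreted) records from the last 10 minutes.
  ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent | summarize_avc
  semodule -B                      # rebuild again so dontaudit rules apply
}

# Offline demonstration on the constructed records.
printf '%s\n' "$SAMPLE_AVC" | summarize_avc
```

Each summary line names the source domain, target type, class and permissions to review before deciding whether a relabel or a policy rule is the right fix.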