Hello,
I hope somebody has seen this before. I am not sure if it is a bug or my not completely understanding how SELinux works.
My mail server was working fine secured by SELinux running in enforcing mode. Our company lost connection to the Internet for a couple days so I edited sendmail.mc to skip the domain check for the duration. I edited the file, ran MAKE, and restarted the sendmail process. I also disabled spamd because all of the email would be internal.
Well SELinux didn't like what I did and started to produce lots of AVC messages and provided solutions to most of them. I followed the suggestion in the "Allowing Access" section of the setroubleshoot browser and most of the messages went away. After about a dozen of these messages, I decided to just have the system "relabel on next reboot" using the SELinux management tool. When that didn't fix the problem, I just disabled SELinux until the Internet connection was fixed.
So the connection was fixed, I fixed the sendmail.mc file to be exactly the same as before the problem. I used MAKE on the file and relabeled the SELinux during a reboot and reset SELinux to enforcement mode.
Spamd will not start in enforcement mode. I get the following setroubleshoot message:
Summary
SELinux is preventing spamd (spamd_t) "search" to mail (httpd_sys_content_t).

Detailed Description
SELinux denied access requested by spamd. It is not expected that this access is required by spamd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for mail,
restorecon -v mail
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Additional Information
Source Context: system_u:system_r:spamd_t
Target Context: system_u:object_r:httpd_sys_content_t
Target Objects: mail [ dir ]
Affected RPM Packages:
Policy RPM: selinux-policy-2.6.4-46.fc7
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall_file
When I ran the suggested fix "restorecon -v mail" I get the following error message: lstat(mail) failed: No such file or directory
I was under the impression that if I relabeled the system everything would be reset, but obviously I am incorrect...
I have also received other AVC messages all relating to sendmail files. I was not sure if these would help so I did not include them in this message (This question is already pretty long!).
Any idea how I can get spamd to run in enforcing mode -and- get SELinux to be happy again?
Thanks,
Doug