Marc Schwartz wrote:
I took advantage of the long weekend here in the States to finally
update to FC5. All went well in general, however it has become apparent
that procmail is problematic with SELinux enabled.
fetchmail and postfix work fine in terms of getting my e-mail from
multiple POP3 accounts. However local (~/.procmailrc) procmail filtering
My FC4 configuration files, with a few edits to reflect some path
changes for postfix, now work fine with SELinux disabled. I was not
running SELinux on FC4 and all worked fine there.
I found other FC5/SELinux posts where others have had similar problems
and disabling SELinux solved them.
This is on a fully updated FC5 system as of the writing of this post.
Is there a policy update pending to resolve this issue or some temporary
steps that can be used in the interim, short of disabling SELinux entirely?
I'm using procmail with sendmail on FC5. and whilst there were
significant problems getting it to work with the out-of-the-box policy,
it's mostly fixed now. The only local tweaks I do to policy are to add
the ability to write a log file to /var/log (probably peculiar to me),
to allow it to forward mail by calling sendmail (I think policy still
doesn't allow reading of the /usr/sbin/sendmail -> /etc/alternatives/mta
symlink, which pretty much most procmail users will need), and to allow
programs called from procmail to create temporary files.
If you run SELinux in permissive mode and post the AVCs that get logged
when procmail is running, it should be possible to get this fixed.