Trying to use mailx for logwatch

[Robert Moskowitz]

On 01/03/2014 11:21 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/02/2014 05:29 PM, Robert Moskowitz wrote:
>> And the mail is failing.  Here is what I have done:
>>
>> I determined that in: /usr/share/logwatch/default.conf/logwatch.conf mailer
>> = "/usr/sbin/sendmail -t"
>>
>> so in: /etc/logwatch/conf/logwatch.conf mailer = "/usr/bin/mailx -t"
>>
>> In /etc/aliases I have:
>>
>> # Person who should get root's mail root:        rgm
>>
>> and I ran newaliases
>>
>> 'journalctl |grep -i logwatch' shows the following (along with other
>> lines):
>>
>> Jan 02 03:32:01 lx120e.htt-consult.com run-parts[16112]: (/etc/cron.daily)
>> starting 0logwatch Jan 02 03:32:12 lx120e.htt-consult.com run-parts[16429]:
>> (/etc/cron.daily) finished 0logwatch Jan 02 03:32:16 lx120e.htt-consult.com
>> setroubleshoot[16427]: dbus avc(node=lx120e.htt-consult.com type=AVC
>> msg=audit(1388651532.024:734): avc: denied  { write } for pid=16425
>> comm="mailx" name="root" dev="dm-0" ino=1308161
>> scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
>> node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.024:734):
>> arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6
>> a3=809134c items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0
>> fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx"
>> exe="/usr/bin/mailx" subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>> key=(null) Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]:
>> AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com
>> type=AVC msg=audit(1388651532.24:734): avc:  denied  { write } for
>> pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161
>> scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir Jan 02 03:32:16
>> lx120e.htt-consult.com setroubleshoot[16427]:
>> AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com
>> type=SYSCALL msg=audit(1388651532.24:734): arch=40000003 syscall=5
>> success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1
>> pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx"
>> subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null) Jan 02
>> 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: analyze_avc()
>> avc=scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:admin_home_t:s0 access=['write'] tclass=dir
>> tpath=/root
>>
>> oh, here are the mail files:
>>
>> # ls -ls /var/spool/mail/ total 8 0 -rw-rw----. 1 rgm  mail    0 Jan  2
>> 16:47 rgm 8 -rw-------. 1 root mail 5886 Dec 31 12:27 root 0 -rw-rw----. 1
>> rpc  mail    0 Dec 25 13:27 rpc
>>
>> The content in root mail is from when I had postfix installed.  I have
>> since deleted it to work on getting mailx to work instead.
>>
>> =================================
>>
>>
>> perhaps /var/spool/mail/root needs 660 permissions?
>>
>>
> Do you know what mailx is trying to write into the /root directory?

The output of logwatch.  I edited /etc/logwatch/conf/logwatch.conf

with the line:

mailer = "/usr/bin/mailx -t"

To override /usr/share/logwatch/default.conf/logwatch.conf

mailer = "/usr/sbin/sendmail -t"