Trying to use mailx for logwatch

Daniel J Walsh dwalsh at redhat.com
Fri Jan 3 17:03:45 UTC 2014


On 01/03/2014 11:34 AM, Robert Moskowitz wrote:
> 
> On 01/03/2014 11:21 AM, Daniel J Walsh wrote:
>> On 01/02/2014 05:29 PM, Robert Moskowitz wrote:
>>> And the mail is failing.  Here is what I have done:
>>> 
>>> I determined that in: /usr/share/logwatch/default.conf/logwatch.conf
>>> mailer = "/usr/sbin/sendmail -t"
>>> 
>>> so in: /etc/logwatch/conf/logwatch.conf
>>> mailer = "/usr/bin/mailx -t"
>>> 
>>> In /etc/aliases I have:
>>> 
>>> # Person who should get root's mail
>>> root:        rgm
>>> 
>>> and I ran newaliases
>>> 
>>> 'journalctl |grep -i logwatch' shows the following (along with other 
>>> lines):
>>> 
>>> Jan 02 03:32:01 lx120e.htt-consult.com run-parts[16112]: (/etc/cron.daily) starting 0logwatch
>>> Jan 02 03:32:12 lx120e.htt-consult.com run-parts[16429]: (/etc/cron.daily) finished 0logwatch
>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: dbus avc(node=lx120e.htt-consult.com
>>>     type=AVC msg=audit(1388651532.024:734): avc: denied  { write } for pid=16425
>>>     comm="mailx" name="root" dev="dm-0" ino=1308161
>>>     scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>>>     tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
>>>     node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.024:734):
>>>     arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c
>>>     items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>>>     fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx"
>>>     subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache():
>>>     node=lx120e.htt-consult.com type=AVC msg=audit(1388651532.24:734): avc:  denied  { write } for
>>>     pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161
>>>     scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>>>     tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache():
>>>     node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.24:734):
>>>     arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c
>>>     items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>>>     fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx"
>>>     subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: analyze_avc()
>>>     avc=scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>>>     tcontext=system_u:object_r:admin_home_t:s0 access=['write'] tclass=dir
>>>     tpath=/root
>>> 
>>> oh, here are the mail files:
>>> 
>>> # ls -ls /var/spool/mail/
>>> total 8
>>> 0 -rw-rw----. 1 rgm  mail    0 Jan  2 16:47 rgm
>>> 8 -rw-------. 1 root mail 5886 Dec 31 12:27 root
>>> 0 -rw-rw----. 1 rpc  mail    0 Dec 25 13:27 rpc
>>> 
>>> The content in root mail is from when I had postfix installed.  I have 
>>> since deleted it to work on getting mailx to work instead.
>>> 
>>> =================================
>>> 
>>> 
>>> perhaps /var/spool/mail/root needs 660 permissions?
>>> 
>>> 
>> Do you know what mailx is trying to write into the /root directory?
> 
> The output of logwatch.  I edited /etc/logwatch/conf/logwatch.conf
> 
> with the line:
> 
> mailer = "/usr/bin/mailx -t"
> 
> To override /usr/share/logwatch/default.conf/logwatch.conf
> 
> mailer = "/usr/sbin/sendmail -t"
> 
> 
Ok, I just added a patch to git to allow logwatch_mail_t to write certain files
to the /root directory.

sesearch -T -s logwatch_mail_t | grep mail_home_rw_t
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t admin_home_t : file mail_home_rw_t ".esmtp_queue";
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t "Maildir";
type_transition logwatch_mail_t user_home_dir_t : file mail_home_rw_t ".esmtp_queue";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t "Maildir";

You could do something similar by adding:

policy_module(mylogwatch, 1.0)
gen_require(`
	type logwatch_mail_t;
')

mta_filetrans_admin_home_content(logwatch_mail_t)
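
Added example (not part of the original message and not code from the selinux-policy project): a Python reading of the AVC denial and the sesearch output quoted above, showing that the named type_transition rules relabel only the listed names (.maildir, Maildir, .esmtp_queue) and that anything else created in /root keeps admin_home_t. The name notes.txt is a constructed sample, and the lookup models labeling only, not the allow rules that grant the write.

```python
import re

# Constructed sample input: the AVC denial and the sesearch rules quoted in the thread.
AVC = ('type=AVC msg=audit(1388651532.024:734): avc: denied  { write } for pid=16425 '
       'comm="mailx" name="root" dev="dm-0" ino=1308161 '
       'scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir')
RULES = '''
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t admin_home_t : file mail_home_rw_t ".esmtp_queue";
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t "Maildir";
type_transition logwatch_mail_t user_home_dir_t : file mail_home_rw_t ".esmtp_queue";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t "Maildir";
'''

def parse_avc(line):
    """Extract permissions, source/target types and class from one AVC denial."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not m:
        return None
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return {'perms': m.group(1).split(),
            'source': kv['scontext'].split(':')[2],   # user:role:TYPE:level
            'target': kv['tcontext'].split(':')[2],
            'tclass': kv['tclass'],
            'comm': kv.get('comm', '').strip('"')}

def parse_rules(text):
    """Return (source, parent_type, class, new_type, name_or_None) per rule."""
    pat = re.compile(r'type_transition (\S+) (\S+) : (\S+) (\S+?)(?: "([^"]*)")?;')
    return [(s, p, c, n, name or None) for s, p, c, n, name in pat.findall(text)]

def label_for(rules, source, parent_type, tclass, name):
    """Type a new object gets: named rule first, then unnamed, else the parent's type."""
    for wanted in (name, None):
        for r in rules:
            if r[:3] == (source, parent_type, tclass) and r[4] == wanted:
                return r[3]
    return parent_type

if __name__ == '__main__':
    d, rules = parse_avc(AVC), parse_rules(RULES)
    # notes.txt is a constructed name that no rule covers.
    for tclass, name in [('dir', 'Maildir'), ('file', '.esmtp_queue'), ('file', 'notes.txt')]:
        print(d['comm'], tclass, name, '->',
              label_for(rules, d['source'], d['target'], tclass, name))
```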

