Trying to use mailx for logwatch
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 3 17:03:45 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/03/2014 11:34 AM, Robert Moskowitz wrote:
>
> On 01/03/2014 11:21 AM, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 01/02/2014 05:29 PM, Robert Moskowitz wrote:
>>> And the mail is failing. Here is what I have done:
>>>
>>> I determined that in: /usr/share/logwatch/default.conf/logwatch.conf
>>> mailer = "/usr/sbin/sendmail -t"
>>>
>>> so in: /etc/logwatch/conf/logwatch.conf mailer = "/usr/bin/mailx -t"
>>>
>>> In /etc/aliases I have:
>>>
>>> # Person who should get root's mail root: rgm
>>>
>>> and I ran newaliases
>>>
>>> 'journalctl |grep -i logwatch' shows the following (along with other
>>> lines):
>>>
>>> Jan 02 03:32:01 lx120e.htt-consult.com run-parts[16112]:
>>> (/etc/cron.daily) starting 0logwatch Jan 02 03:32:12
>>> lx120e.htt-consult.com run-parts[16429]: (/etc/cron.daily) finished
>>> 0logwatch Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]:
>>> dbus avc(node=lx120e.htt-consult.com type=AVC
>>> msg=audit(1388651532.024:734): avc: denied { write } for pid=16425
>>> comm="mailx" name="root" dev="dm-0" ino=1308161
>>> scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>>> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
>>> node=lx120e.htt-consult.com type=SYSCALL
>>> msg=audit(1388651532.024:734): arch=40000003 syscall=5 success=no
>>> exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 pid=16425
>>> auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=15
>>> tty=(none) comm="mailx" exe="/usr/bin/mailx"
>>> subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null) Jan 02
>>> 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]:
>>> AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com
>>> type=AVC msg=audit(1388651532.24:734): avc: denied { write } for
>>> pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161
>>> scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>>> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir Jan 02 03:32:16
>>> lx120e.htt-consult.com setroubleshoot[16427]:
>>> AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com
>>> type=SYSCALL msg=audit(1388651532.24:734): arch=40000003 syscall=5
>>> success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0
>>> ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>>> fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx"
>>> subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null) Jan
>>> 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]:
>>> analyze_avc()
>>> avc=scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>>> tcontext=system_u:object_r:admin_home_t:s0 access=['write'] tclass=dir
>>> tpath=/root
>>>
>>> oh, here are the mail files:
>>>
>>> # ls -ls /var/spool/mail/ total 8 0 -rw-rw----. 1 rgm mail 0 Jan
>>> 2 16:47 rgm 8 -rw-------. 1 root mail 5886 Dec 31 12:27 root 0
>>> -rw-rw----. 1 rpc mail 0 Dec 25 13:27 rpc
>>>
>>> The content in root mail is from when I had postfix installed. I have
>>> since deleted it to work on getting mailx to work instead.
>>>
>>> =================================
>>>
>>>
>>> perhaps /var/spool/mail/root needs 660 permissions?
>>>
>>>
>> Do you know what mailx is trying to write into the /root directory?
>
> The output of logwatch. I edited /etc/logwatch/conf/logwatch.conf
>
> with the line:
>
> mailer = "/usr/bin/mailx -t"
>
> To override /usr/share/logwatch/default.conf/logwatch.conf
>
> mailer = "/usr/sbin/sendmail -t"
>
>
Ok I just added a patch to git to allow logwatch_mail_t to write to the /root
directory certain files.
sesearch -T -s logwatch_mail_t | grep mail_home_rw_t
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t ".maildir";
type_transition logwatch_mail_t admin_home_t : file mail_home_rw_t
".esmtp_queue";
type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t "Maildir";
type_transition logwatch_mail_t user_home_dir_t : file mail_home_rw_t
".esmtp_queue";
type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t "Maildir";
You could do something similar by adding:
policy_module(mylogwatch, 1.0)
gen_require(`
type logwatch_mail_t;
')
mta_filetrans_admin_home_content(logwatch_mail_t)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLG7XEACgkQrlYvE4MpobM0fwCaA28wBEPcvt15fUHUAZvhCp/H
5bAAnjqGB1c0MBy9YBkZi4FZ8wWTf+1I
=42B1
-----END PGP SIGNATURE-----
More information about the users
mailing list