Trying to use mailx for logwatch

Daniel J Walsh dwalsh at redhat.com
Tue Jan 7 16:48:59 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/07/2014 11:44 AM, Robert Moskowitz wrote:
> getting closer.  I am running a new install.  So a fresh start on this...
> 
> On 01/06/2014 11:14 AM, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 01/03/2014 12:25 PM, Robert Moskowitz wrote:
>>> On 01/03/2014 12:03 PM, Daniel J Walsh wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>> 
>>>> On 01/03/2014 11:34 AM, Robert Moskowitz wrote:
>>>>> On 01/03/2014 11:21 AM, Daniel J Walsh wrote:
>>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>>>> 
>>>>>> On 01/02/2014 05:29 PM, Robert Moskowitz wrote:
>>>>>>> And the mail is failing.  Here is what I have done:
>>>>>>> 
>>>>>>> I determined that in:
>>>>>>> /usr/share/logwatch/default.conf/logwatch.conf
>>>>>>> mailer = "/usr/sbin/sendmail -t"
>>>>>>> 
>>>>>>> so in:
>>>>>>> /etc/logwatch/conf/logwatch.conf
>>>>>>> mailer = "/usr/bin/mailx -t"
>>>>>>> 
>>>>>>> In /etc/aliases I have:
>>>>>>> 
>>>>>>> # Person who should get root's mail
>>>>>>> root:        rgm
>>>>>>> 
>>>>>>> and I ran newaliases
>>>>>>> 
>>>>>>> 'journalctl |grep -i logwatch' shows the following (along with 
>>>>>>> other lines):
>>>>>>> 
>>>>>>> Jan 02 03:32:01 lx120e.htt-consult.com run-parts[16112]: (/etc/cron.daily) starting 0logwatch
>>>>>>> Jan 02 03:32:12 lx120e.htt-consult.com run-parts[16429]: (/etc/cron.daily) finished 0logwatch
>>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: dbus avc(node=lx120e.htt-consult.com type=AVC msg=audit(1388651532.024:734): avc: denied  { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.024:734): arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx" subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
>>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=AVC msg=audit(1388651532.24:734): avc:  denied  { write } for pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
>>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: AuditRecordReceiver.add_record_to_cache(): node=lx120e.htt-consult.com type=SYSCALL msg=audit(1388651532.24:734): arch=40000003 syscall=5 success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c items=0 ppid=1 pid=16425 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=15 tty=(none) comm="mailx" exe="/usr/bin/mailx" subj=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 key=(null)
>>>>>>> Jan 02 03:32:16 lx120e.htt-consult.com setroubleshoot[16427]: analyze_avc() avc=scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 access=['write'] tclass=dir tpath=/root
>>>>>>> 
>>>>>>> oh, here are the mail files:
>>>>>>> 
>>>>>>> # ls -ls /var/spool/mail/
>>>>>>> total 8
>>>>>>> 0 -rw-rw----. 1 rgm  mail    0 Jan 2 16:47 rgm
>>>>>>> 8 -rw-------. 1 root mail 5886 Dec 31 12:27 root
>>>>>>> 0 -rw-rw----. 1 rpc  mail    0 Dec 25 13:27 rpc
>>>>>>> 
>>>>>>> The content in root mail is from when I had postfix installed.
>>>>>>> I have since deleted it to work on getting mailx to work
>>>>>>> instead.
>>>>>>> 
>>>>>>> =================================
>>>>>>> 
>>>>>>> 
>>>>>>> perhaps /var/spool/mail/root needs 660 permissions?
>>>>>>> 
>>>>>>> 
>>>>>> Do you know what mailx is trying to write into the /root
>>>>>> directory?
>>>>> The output of logwatch.  I edited /etc/logwatch/conf/logwatch.conf
>>>>> 
>>>>> with the line:
>>>>> 
>>>>> mailer = "/usr/bin/mailx -t"
>>>>> 
>>>>> To override /usr/share/logwatch/default.conf/logwatch.conf
>>>>> 
>>>>> mailer = "/usr/sbin/sendmail -t"
>>>>> 
>>>>> 
>>>> Ok I just added a patch to git to allow logwatch_mail_t to write to
>>>> the /root directory certain files.
>>>> 
>>>> sesearch -T -s logwatch_mail_t | grep mail_home_rw_t
>>>> type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t ".maildir";
>>>> type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t ".maildir";
>>>> type_transition logwatch_mail_t admin_home_t : file mail_home_rw_t ".esmtp_queue";
>>>> type_transition logwatch_mail_t admin_home_t : dir mail_home_rw_t "Maildir";
>>>> type_transition logwatch_mail_t user_home_dir_t : file mail_home_rw_t ".esmtp_queue";
>>>> type_transition logwatch_mail_t user_home_dir_t : dir mail_home_rw_t "Maildir";
>>>> 
>>>> You could do something similar by adding:
>>>> 
>>>> policy_module(mylogwatch, 1.0)
>>>> gen_require(`
>>>>     type logwatch_mail_t;
>>>> ')
>>>> 
>>>> mta_filetrans_admin_home_content(logwatch_mail_t)
>>> Dan, you are way beyond me here.  I need pretty clear cookbooks.
>>> Changing a line in a .conf is one thing, what are you telling me to do
>>> here?  Just cut and paste from policy... to mta... into a rooted
>>> terminal session?
>>> 
>>> 
>> 
>> Create a file mylogwatch.te with the following content.
>> 
>> policy_module(mylogwatch, 1.0)
>> gen_require(`
>>     type logwatch_mail_t;
>> ')
>> 
>> mta_filetrans_admin_home_content(logwatch_mail_t)
>> 
>> Now execute this command to compile the policy and load it into the
>> kernel
>> 
>> # make -f /usr/share/selinux/devel/Makefile
> 
> # make -f /usr/share/selinux/devel/Makefile
> make: /usr/share/selinux/devel/Makefile: No such file or directory
> make: *** No rule to make target `/usr/share/selinux/devel/Makefile'.  Stop.
> 
> So what do I need to install.  This is the base Gnome x86_64 with only
> Admin tools added.  Oh and svn and git, as I need them for joint Internet
> Draft writing...
>> # semodule -i mylogwatch.pp
>> 
>> Now you should be allowed to run logwatch_mail_t in enforcing mode.
>> 
> 
yum install selinux-policy-devel


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlLML/sACgkQrlYvE4MpobOQcQCgjRchyiyyZJv56wcwu3K/oveb
RYEAoNWoPAFtA30wOs37Rk+YrPEF8BUR
=5Kdo
-----END PGP SIGNATURE-----
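
Added example (not part of the original message, and not code from the selinux-policy project): a small Python reader for the audit record quoted in the thread. It extracts the SELinux source domain, target type, class and permission from the AVC half and decodes the i386 open() arguments from the SYSCALL half, which shows what mailx was attempting in /root; the function names and the flag table are this example's own.

```python
import re

# Audit record quoted in the thread (AVC + SYSCALL halves of event 734).
RECORD = (
    'type=AVC msg=audit(1388651532.024:734): avc: denied  { write } for '
    'pid=16425 comm="mailx" name="root" dev="dm-0" ino=1308161 '
    'scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir '
    'type=SYSCALL msg=audit(1388651532.024:734): arch=40000003 syscall=5 '
    'success=no exit=-13 a0=9b15128 a1=8441 a2=1b6 a3=809134c'
)

# i386 open(2) flag bits (arch=40000003 is AUDIT_ARCH_I386, syscall 5 is open).
I386_OPEN_FLAGS = {0x1: "O_WRONLY", 0x2: "O_RDWR", 0x40: "O_CREAT",
                   0x200: "O_TRUNC", 0x400: "O_APPEND", 0x8000: "O_LARGEFILE"}


def parse_denial(record):
    """Return the fields of an AVC denial plus the decoded open() call, if any."""
    perms = re.search(r"denied\s+\{([^}]*)\}", record).group(1).split()
    # key=value pairs; a repeated key (type=, msg=) keeps its last value.
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))
    out = {
        "perms": perms,
        "comm": kv["comm"].strip('"'),
        "source_type": kv["scontext"].split(":")[2],
        "target_type": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
    }
    if kv.get("arch") == "40000003" and kv.get("syscall") == "5":
        flags = int(kv["a1"], 16)   # audit logs syscall arguments in hex
        out["open_flags"] = [name for bit, name in sorted(I386_OPEN_FLAGS.items())
                             if flags & bit]
        out["create_mode"] = oct(int(kv["a2"], 16))
        out["errno"] = -int(kv["exit"])   # 13 is EACCES
    return out


def raw_allow_rule(d):
    """The literal allow rule that matches the denial's fields."""
    return "allow %s %s:%s { %s };" % (
        d["source_type"], d["target_type"], d["tclass"], " ".join(d["perms"]))


if __name__ == "__main__":
    denial = parse_denial(RECORD)
    print(denial)
    print(raw_allow_rule(denial))
```

The decoded flags show mailx opening a file for append with create in a directory labelled admin_home_t, which is the write the logwatch_mail_t domain was refused.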

