[CentOS] New selinux-policy breaks logwatch emails?
gebser at mousecar.com
Fri Jan 8 21:23:57 UTC 2010
On 01/08/2010 08:28 AM James Rankin wrote:
> After a yum update last night, I had a CenOS 5.4 i386 system pull in the
> following selinux updates:
> Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch
> Jan 07 21:39:31 Updated: selinux-policy-targeted-2.4.6-255.el5_4.3.noarch
> This machine has SELinux set to Enforcing.
> This morning, I see I got the following email from Cron:
> sendmail: warning: premature end-of-input on /usr/sbin/postdrop -r while
> reading input attribute name
> sendmail: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Success
> Frankly, this error message means little to mean... in the course of
> troubleshooting, I tried this:
> # setenforce Permissive
> # /etc/cron.daily/0logwatch
> And it worked! The logwatch email sends without error. If I turn SELinux
> back to Enforcing, then the email error is consistently repeated.
> What confuses me is that, when SElinux enforcing causes this error to
> occur, no SELinux or AVC messages appear in /var/log/messages or
> /vaar/log/secure or /var/log/audit/audit.log.
> Has anyone else seen this? Any suggestions would be appreciated.
By setting selinux to "permissive", you've, in effect, turned it off.
SElinux will still provide messages about infractions, but won't prevent
things from running... i.e., it is no longer guarding your system.
More information about the CentOS