On Fri, Jan 8, 2010 at 8:28 AM, James Rankin rankin.james@gmail.com wrote:
Frankly, this error message means little to mean... in the course of troubleshooting, I tried this: # setenforce Permissive # /etc/cron.daily/0logwatch
And it worked! The logwatch email sends without error. If I turn SELinux back to Enforcing, then the email error is consistently repeated.
What confuses me is that, when SElinux enforcing causes this error to occur, no SELinux or AVC messages appear in /var/log/messages or /vaar/log/secure or /var/log/audit/audit.log.
Has anyone else seen this? Any suggestions would be appreciated. Thanks!
That's interesting... Have you tried increasing the loglevel? It's a kernel option, unfortunately, and enabled with an audit=xx on the grub boot. It might give you more than you're seeing in the audit log. You may also want to try a relabel and manually check the context of all associated binaries.