[CentOS] New selinux-policy breaks logwatch emails?

Fri Jan 8 21:39:40 UTC 2010
Kwan Lowe <kwan.lowe at gmail.com>

On Fri, Jan 8, 2010 at 8:28 AM, James Rankin <rankin.james at gmail.com> wrote:

> Frankly, this error message means little to mean... in the course of
> troubleshooting, I tried this:
> # setenforce Permissive
> # /etc/cron.daily/0logwatch
> And it worked! The logwatch email sends without error. If I turn SELinux
> back to Enforcing, then the email error is consistently repeated.
> What confuses me is that, when SElinux enforcing causes this error to occur,
> no SELinux or AVC messages appear in /var/log/messages or /vaar/log/secure
> or /var/log/audit/audit.log.
> Has anyone else seen this? Any suggestions would be appreciated.
> Thanks!

That's interesting... Have you tried increasing the loglevel? It's a
kernel option, unfortunately, and enabled with an audit=xx on the grub
boot. It might give you more than you're seeing in the audit log. You
may also want to try a relabel and manually check the context of all
associated binaries.