[CentOS] SELinux issue?

Chuck Campbell

campbell at accelinc.com
Mon Jun 16 14:29:51 UTC 2014


I've recently built a new mail server with CentOS 6.5, and decided to bite the 
bullet and leave SELinux running. I've stumbled through making things work and 
am mostly there.

I've got my own spam and ham corpus as mbox files in /home/user/Mail/learned. 
These files came from my backup of the CentOS 5 server this machine is replacing.

The folder is owned by the user (the following is run as root):
ls -laF learned
drw-------. 6 user group   4096 Jun 10 03:35 ./
drw-------. 6 user group  35864 Jun 10 03:35 ../
drw-------. 6 user group   4096 Jun 10 03:35 2004/
-rw-------. 6 user group 155296 Jun 10 03:35 2014_10_Jun_learned_spam
-rw-------. 6 user group 996584 Jun 10 03:35 2014_10_Jun_learned_ham

also as root:
ls -laZ learned
drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0 .
drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0 ..
drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0 2004
-rw-------. 6 user group system_u:object_r:mail_spool_t:s0 2014_10_Jun_learned_spam
-rw-------. 6 user group system_u:object_r:mail_spool_t:s0 2014_10_Jun_learned_ham


When I do the same as the user, I get this:
ls -laF learned
ls: cannot access learned/2004: Permission denied
ls: cannot access 2014_10_Jun_learned_spam: Permission denied
ls: cannot access 2014_10_Jun_learned_ham: Permission denied
total 0
d???????? ? ? ? ?             ? ./
d???????? ? ? ? ?             ? ../
d???????? ? ? ? ?             ? 2004/
-???????? ? ? ? ?             ? 2014_10_Jun_learned_spam
-???????? ? ? ? ?             ? 2014_10_Jun_learned_ham

and this:
ls -laFZ learned
ls: cannot access learned/2004: Permission denied
ls: cannot access 2014_10_Jun_learned_spam: Permission denied
ls: cannot access 2014_10_Jun_learned_ham: Permission denied
total 0
d???????? ? ?                                           ./
d???????? ? ?     ../
d???????? ? ?     2004/
-???????? ? ? 2014_10_Jun_learned_spam
-???????? ? ? 2014_10_Jun_learned_ham

The user's process to feed the spam and ham to spamassassin fails when trying to 
write to the directories, even though the files are owned by user:group.

What, precisely, is wrong here? I don't get any AVC entries in 
/var/log/audit/audit.log, so I'm at a loss as to what to try next. Should this 
directory not be target mail_spool_t? Any guesses?

-chuck

-- 
ACCEL Services, Inc.| Specialists in Gravity, Magnetics |  (713)993-0671 ph.
                     |   and Integrated Interpretation   |  (713)993-0608 fax
448 W. 19th St. #325|            Since 1992             |  (713)306-5794 cell
  Houston, TX, 77008 |          Chuck Campbell           | campbell at accelinc.com
                     |  President & Senior Geoscientist  |

      "Integration means more than having all the maps at the same scale!"

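The root listings above show directories with mode `drw-------` (read without search), and Linux evaluates mode bits before SELinux policy, so a denial from them leaves no AVC record. The following check for that case is an added example, not part of the original post; `first_blocked_dir`, `demo` and the sample tree are constructed for illustration, and it assumes the caller owns the tree.

```shell
#!/bin/sh
# Added example: find the first directory on a path whose owner lacks the
# search (x) bit. Assumes the caller owns the tree, as in the post.

# first_blocked_dir BASE RELPATH
# Walks down from BASE along RELPATH and prints the first directory whose
# mode string has no owner search bit. Returns 0 if one is found, 1 if not.
first_blocked_dir() {
    cur=$1
    rest=$2
    while :; do
        if [ -d "$cur" ]; then
            mode=$(ls -ld "$cur" | cut -c1-10)
            case $mode in
                d??[xs]*) ;;                          # owner may traverse
                d*) printf '%s\n' "$cur"; return 0 ;; # r/w but no search
            esac
        fi
        [ -n "$rest" ] || return 1                    # whole path checked
        cur=$cur/${rest%%/*}                          # descend one component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}

# Constructed sample tree mirroring the post's layout: learned/ is mode 600.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/learned/2004"
    chmod 600 "$tmp/learned"
    before=$(first_blocked_dir "$tmp" learned/2004)
    chmod 700 "$tmp/learned"                          # restore search bit
    after=$(first_blocked_dir "$tmp" learned/2004) || after=none
    rm -rf "$tmp"
    printf 'before=%s after=%s\n' "${before#"$tmp"/}" "$after"
}

demo
```

The check reads mode strings rather than attempting access, so it gives the same answer when run as root, which bypasses directory search permission.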


