[CentOS] SELINUX blocks procmail from executing perl script without logging

Thu Apr 1 11:43:16 UTC 2021
Radu Radutiu <rradutiu at gmail.com>

Hi,

I'm upgrading our request tracker from CentOS 7 to 8 and found some
unexpected SELinux issues with procmail. Even after I create a policy which
allows all denied operations, procmail is still not allowed to run a Perl
script (in my case rt-mailgate). I get the following error in the procmail
log: "Can't open perl script "/opt/rt5/bin/rt-mailgate": Permission denied"
but I have no denied audit entry in /var/log/audit/audit.log.
If I set SELinux to permissive, everything works fine. Any idea how to
debug this?

Best regards,
Radu