Procmail unable to forward mail due to SELinux

Solution Unverified - Updated -

Issue

The server is unable to forward mail from the root user because the procmail process does not have access to the root home directory.

The following is logged to the procmail log:

procmail: [5851] Tue Jan 01 12:00:00 2015
procmail: Executing "id,-un"
procmail: [5851] Tue Jan 01 12:00:00 2015
procmail: Assigning "USERID=root"
procmail: Executing "hostname"
procmail: Assigning "HOSTNAME=server42.example.com"
procmail: No match on "From: Mail Delivery Subsystem"
procmail: No match on "^X-Loop: ${USERID}@${HOSTNAME}"
procmail: Executing "formail,-AX-Loop: root@server42.example.com"
procmail: Assigning "LASTFOLDER=/root/forward"
procmail: Executing "/root/forward"
procmail: Notified comsat: "root@:/root/forward"
From mailsender@admin1.example.com  Tue Jan 01 12:00:00 2015
 Subject: Test procmail - admin1.example.com
  Folder: /root/forward                                                    1095
/bin/sh: /root/forward: Permission denied

The following is logged to the audit log:

2015-10-13T12:00:00.969148-04:00 server42.example.com audispd: node=server42.example.com type=AVC msg=audit(1444774541.967:3182): avc:  denied  { read } for  pid=5858 comm="sh" name="forward" dev="dm-6" ino=50332591 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
2015-10-13T12:00:00.969737-04:00 server42.example.com audispd: node=server42.example.com type=AVC msg=audit(1444774541.967:3182): avc:  denied  { read } for  pid=5858 comm="sh" name="forward" dev="dm-6" ino=50332591 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
2015-10-13T12:00:00.969796-04:00 server42.example.com audispd: node=server42.example.com type=SYSCALL msg=audit(1444774541.967:3182): arch=c000003e syscall=2 success=no exit=-13 a0=1dcf8f0 a1=0 a2=64726177726f66 a3=ffffffc0 items=1 ppid=1 pid=5858 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:procmail_t:s0 key=(null)
2015-10-13T12:00:00.970082-04:00 server42.example.com audispd: node=server42.example.com type=CWD msg=audit(1444774541.967:3182):  cwd="/root"
2015-10-13T12:00:00.970041-04:00 server42.example.com audispd: node=server42.example.com type=SYSCALL msg=audit(1444774541.967:3182): arch=c000003e syscall=2 success=no exit=-13 a0=1dcf8f0 a1=0 a2=64726177726f66 a3=ffffffc0 items=1 ppid=1 pid=5858 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" subj=system_u:system_r:procmail_t:s0 key=(null)
2015-10-13T12:00:00.970326-04:00 server42.example.com audispd: node=server42.example.com type=PATH msg=audit(1444774541.967:3182): item=0 name="/root/forward" inode=50332591 dev=fd:06 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 objtype=NORMAL
2015-10-13T12:00:00.970287-04:00 server42.example.com audispd: node=server42.example.com type=CWD msg=audit(1444774541.967:3182):  cwd="/root"
2015-10-13T12:00:00.970565-04:00 server42.example.com audispd: node=server42.example.com type=EOE msg=audit(1444774541.967:3182):
2015-10-13T12:00:00.970527-04:00 server42.example.com audispd: node=server42.example.com type=PATH msg=audit(1444774541.967:3182): item=0 name="/root/forward" inode=50332591 dev=fd:06 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 objtype=NORMAL
2015-10-13T12:00:00.970774-04:00 server42.example.com audispd: node=server42.example.com type=EOE msg=audit(1444774541.967:3182):
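
A triage sketch for the audit records above, added here as an example and not part of the original article: it groups the audispd-forwarded lines by audit event serial, drops the repeated deliveries, and joins the AVC record with its PATH record to report which domain was denied which permission on which file. The function names and the embedded sample (copied from the lines above, SYSCALL records omitted) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the audit log above (SYSCALL omitted),
# including the duplicate delivery of the AVC record.
SAMPLE = """\
2015-10-13T12:00:00.969148-04:00 server42.example.com audispd: node=server42.example.com type=AVC msg=audit(1444774541.967:3182): avc:  denied  { read } for  pid=5858 comm="sh" name="forward" dev="dm-6" ino=50332591 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
2015-10-13T12:00:00.969737-04:00 server42.example.com audispd: node=server42.example.com type=AVC msg=audit(1444774541.967:3182): avc:  denied  { read } for  pid=5858 comm="sh" name="forward" dev="dm-6" ino=50332591 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
2015-10-13T12:00:00.970082-04:00 server42.example.com audispd: node=server42.example.com type=CWD msg=audit(1444774541.967:3182):  cwd="/root"
2015-10-13T12:00:00.970326-04:00 server42.example.com audispd: node=server42.example.com type=PATH msg=audit(1444774541.967:3182): item=0 name="/root/forward" inode=50332591 dev=fd:06 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 objtype=NORMAL
2015-10-13T12:00:00.970565-04:00 server42.example.com audispd: node=server42.example.com type=EOE msg=audit(1444774541.967:3182):
"""

RECORD = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")

def parse_events(text):
    """Group records by audit event serial; repeated deliveries are dropped."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = RECORD.search(line)
        if m:
            rtype, _ts, serial, body = m.groups()
            # Simplification: keeps one record per type (enough when items=1).
            events[serial].setdefault(rtype, body)
    return events

def summarize_denials(text):
    """Return one dict per denied event: who was denied what, on which object."""
    out = []
    for serial, recs in parse_events(text).items():
        if "AVC" not in recs:
            continue
        avc = {k: v.strip('"') for k, v in FIELD.findall(recs["AVC"])}
        path = {k: v.strip('"') for k, v in FIELD.findall(recs.get("PATH", ""))}
        out.append({
            "serial": serial,
            "perms": PERMS.search(recs["AVC"]).group(1).split(),
            "source_type": avc["scontext"].split(":")[2],   # domain of the process
            "target_type": avc["tcontext"].split(":")[2],   # type of the object
            "tclass": avc["tclass"],
            "comm": avc["comm"],
            "path": path.get("name", avc.get("name")),      # PATH has the full name
        })
    return out

if __name__ == "__main__":
    for d in summarize_denials(SAMPLE):
        print(d)
```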

Environment

Red Hat Enterprise Linux 7
