More selinux questions

Gene Heskett gene.heskett at verizon.net
Sun Feb 3 11:05:26 UTC 2008


Greetings;

After several failures on Sunday mornings to properly rotate some logs 
generated by fetchmail, I give up and need help.

logrotate can kill fetchmail ok, but cannot restart it, and I've now tried 
both of these invocations in the postrotate script, and both fail, sending 
me emails to that effect:

system_u:system_r:unconfined_t:s0 is not a valid context
error: error running non-shared postrotate script for /var/log/fetchmail.log 
of '/var/log/fetchmail.log /var/log/procmail.log '
fetchmail: no process killed
system_u:system_r:unconfined_t:s0 is not a valid context
error: error running non-shared postrotate script for /var/log/procmail.log 
of '/var/log/fetchmail.log /var/log/procmail.log '

I had tried your recommended launching line this week after the su gene -c
version failed last week:

runcon -t unconfined_t -- runuser -l -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc" gene

Which generated the above message, and this one:
su gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"

which works to restart it from a shell just fine.  The runcon version works
at bootup time just fine, so why can't I use it in a logrotation script?

I think I see one problem though, with both logs named in the same script,
it's doing 2 killalls of fetchmail, so I'll make those 2 separate scripts I
guess.  Done.

But how DO I relaunch fetchmail in the postrotate section?

Also, in /etc/cron.daily, tmpwatch is having trouble, from the same email 
from cron as above:
/etc/cron.daily/tmpwatch:

error: failed to lstat /tmp/.spamassassin5459PpduEPtmp: Permission denied

What is this?  I thought anything could use /tmp for anything...
It exists:
-rw-------  1 gene   gene    3298 2008-01-07 20:49 .spamassassin5459PpduEPtmp

Humm, from the cli:
[root@coyote logrotate.d]# lstat /tmp/.spamassassin5459PpduEPtmp
-bash: lstat: command not found

But, take off the el and just run stat
[root@coyote logrotate.d]# stat /tmp/.spamassassin5459PpduEPtmp
  File: `/tmp/.spamassassin5459PpduEPtmp'
  Size: 3298            Blocks: 8          IO Block: 4096   regular file
Device: fe00h/65024d    Inode: 26378244    Links: 1
Access: (0600/-rw-------)  Uid: (  500/    gene)   Gid: (  500/    gene)
Access: 2008-02-01 02:24:19.000000000 -0500
Modify: 2008-01-07 20:49:23.000000000 -0500
Change: 2008-01-07 20:49:23.000000000 -0500

Typo in a script someplace?

Thanks for any clarification offered here.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
How much of their influence on you is a result of your influence on them?




More information about the fedora-selinux-list mailing list