On 07/05/2015 06:35 PM, Sam Varshavchik wrote:
>
> Also, look at the pid and the lock files, and do an fuser to see who has
> the pid and the lock files open.
>
> -stop tries to lock the lock file, if it can't, it reads the pid from
> the pid file, sends a SIGTERM. If it still can't lock the lock file
> after ten seconds have elapsed, it sends a SIGKILL; but it still tries
> to lock the lock file.

Surprise, it's an SELinux failure.

# lsof /var/spool/authdaemon/*
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
courierlo 694 root 1023uW REG 253,2 0 5242943 /var/spool/authdaemon/pid.lock
courierlo 14264 root 3u REG 253,2 0 5242943 /var/spool/authdaemon/pid.lock
# cat /var/spool/authdaemon/pid
694
# ps axf | grep authd
694 ? S 0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -start /usr/libexec/courier-authlib/authdaemond

...all that looks fine.

type=AVC msg=audit(1436121128.545:4130): avc: denied { signal } for pid=14263 comm="courierlogger" scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process
type=AVC msg=audit(1436121138.546:4161): avc: denied { sigkill } for pid=14263 comm="courierlogger" scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process
...
The latter message repeats.
courierlogger is set to courier_exec_t:

/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/courierlogger -- system_u:object_r:courier_exec_t:s0
# ls -lZ /usr/sbin/courierlogger
-rwxr-xr-x. daemon daemon system_u:object_r:courier_exec_t:s0 /usr/sbin/courierlogger

I think something treats courier_exec_t as an alias of system_mail_t,
but I don't remember where that might be defined. I'm kind of getting
tired of filing bugs with Red Hat because they treat Courier as if it
were sendmail.
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users