-
Bug
-
Resolution: Duplicate
-
Normal
-
rhel-9.4
-
None
-
None
-
Important
-
rhel-security-selinux
-
ssg_security
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
None
Our CUPS test suite uses sendmail for verification of email notifications - the test started to fail on RHEL 9.4.0.
What were you trying to do that didn't work?
Start sendmail service
Please provide the package NVR for which bug is seen:
selinux-policy-38.1.28-1.el9.noarch
How reproducible:
Always when SELinux is turned on
Steps to reproduce
- '# dnf -y install sendmail && systemctl start sendmail'
Expected results
Started sendmail service
Actual results
# systemctl start sendmail Job for sendmail.service failed because a timeout was exceeded. See "systemctl status sendmail.service" and "journalctl -xeu sendmail.service" for details.
# systemctl status sendmail
× sendmail.service - Sendmail Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/sendmail.service; disabled; preset: disabled)
Active: failed (Result: timeout) since Thu 2023-12-21 06:50:26 EST; 5min ago
Process: 14588 ExecStartPre=/etc/mail/make (code=exited, status=0/SUCCESS)
Process: 14590 ExecStartPre=/etc/mail/make aliases (code=exited, status=0/SUCCESS)
Process: 14598 ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG (code=exited, status=0/SUCCESS)
CPU: 66ms
Dec 21 06:48:56 vm-10-0-185-227.hosted.upshift.rdu2.redhat.com systemd[1]: Starting Sendmail Mail Transport Agent...
Dec 21 06:48:56 vm-10-0-185-227.hosted.upshift.rdu2.redhat.com systemd[1]: sendmail.service: Can't open PID file /run/sendmail.pid (yet?) after start: Operation not permitted
Dec 21 06:48:56 vm-10-0-185-227.hosted.upshift.rdu2.redhat.com sendmail[14618]: starting daemon (8.16.1): SMTP+queueing@01:00:00
Dec 21 06:48:56 vm-10-0-185-227.hosted.upshift.rdu2.redhat.com sendmail[14618]: unable to write pid to /var/run/sendmail.pid: Permission denied
Dec 21 06:50:26 vm-10-0-185-227.hosted.upshift.rdu2.redhat.com systemd[1]: sendmail.service: start operation timed out. Terminating.
Dec 21 06:50:26 vm-10-0-185-227.hosted.upshift.rdu2.redhat.com systemd[1]: sendmail.service: Failed with result 'timeout'.
Dec 21 06:50:26 vm-10-0-185-227.hosted.upshift.rdu2.redhat.com systemd[1]: Failed to start Sendmail Mail Transport Agent.
# ausearch -m AVC,USER_AVC -ts recent
----
time->Thu Dec 21 06:48:56 2023
type=PROCTITLE msg=audit(1703159336.866:323): proctitle=2F7573722F7362696E2F73656E646D61696C002D6264002D713168
type=SYSCALL msg=audit(1703159336.866:323): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffc20e23a20 a2=c1 a3=180 items=0 ppid=1 pid=14618 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)
type=AVC msg=audit(1703159336.866:323): avc: denied { create } for pid=14618 comm="sendmail" name="sendmail.pid" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:sendmail_var_run_t:s0 tclass=file permissive=0
Additional notes:
I suspect the fix for https://issues.redhat.com/browse/RHEL-15175 caused this - it is only bug with connection to sendmail, but I was not able to verify the idea because the MR fixing it is a rebase.