SELinux seems to have problems with sendmail on our Fedora 8 machine. When we first rolled it out I had to compile a custom policy to get sendmail to work. It was choking while checking for ".forward" files in home dirs.
Now Logwatch is choking when it tries to send the daily report from Cron. Here is the message I get from cron:
Can't exec "/usr/sbin/sendmail": Permission denied at /etc/cron.daily/0logwatch line 1022, <TESTFILE> line 3.
Can't execute /usr/sbin/sendmail -t: Permission denied
Here is the associated audit message:
May 21 04:50:26 axl kernel: audit(1211359826.011:5): security_compute_sid: invalid context unconfined_u:unconfined_r:system_mail_t:s0 for scontext=unconfined_u:unconfined_r:unconfined_crond_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=process
I get a pair of these each day.
I found a few other instances of problems running sendmail from cron while googling but those resulted in avc denials, whereas this results in "security_compute_sid: invalid context" message.
I don't see an SELInux boolean to cover cron executing sendmail. Anyone have an idea on how to resolve this?
Thanks in advance.