[torqueusers] SELinux warning when pbs_server sends E-mail message

[Ole Holm Nielsen]

We're running Torque 2.3.7 on a central Torque server running RHEL6.3 OS 
(this old version of Torque is *required* for stable use with the Maui 
scheduler, see an older thread in this list).

We're seeing the following syslog message every time a job completes and 
sends an E-mail message to the user:

setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from 
write access on the file /var/spool/torque/server_priv/server.lock.

SELinux is enabled in permissive mode, so this is not a severe problem, 
but it's still a nuisance to have extraneous syslog messages. I prefer 
having SELinux enabled in order to log security related events.

I looked at the Torque code server/svr_mail.c which opens a pipe to 
execute Sendmail, writes some data and then closes the pipe. The 
pbs_server's lockfile filename is never written to the Sendmail pipe, so 
why on earth would SELinux complain about Sendmail trying to write to 
that lockfile??  Could it be because svr_mail.c closes the pipe by 
fclose(outmail) in stead of pclose(outmail) as is done in the Torque 2.5 
code?

Question: Anyone running a Torque pbs_server with SElinux enabled, do 
you also see SELinux warnings like the above one?  What's your Torque 
version?

Thanks,
Ole

-- 
Ole Holm Nielsen
Department of Physics, Technical University of Denmark