Kanwar Ranbir Sandhu wrote:
On Wed, 2005-02-02 at 12:42 -0500, Daniel J Walsh wrote:
>For the time being you might want to
>change the
>turn httpd transitioning off.
>
>setsebool -P httpd_disable_trans 1
>
>
I gave that a shot, but it doesn't work. A denial is still reported:
avc: denied { search } for pid=6904 exe=/usr/sbin/sendmail.postfix
name=postfix dev=dm-5 ino=34833 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
BTW, the error reported in /var/log/maillog is this:
postfix/sendmail[6904]: fatal: chdir /var/spool/postfix: Permission
denied
Email is making it's way into RT because tickets are being created.
It's just the auto replies from RT that aren't making it out.
Basically, RT is not being allowed to SEND email.
Since I'm still running tests on RT (just upgraded), I'm going to set
SElinux to permissive mode. I'm sure I'm going to run into other
problems with selinux.
Regards,
Ranbir
There is a bug in targeted policy that allows the system to transition
from unconfined_t to httpd_sys_script_t even
if httpd_disable_trans is set.
selinux-policy-targeted-1.17.30-2.76 should fix this for FC3
selinux-policy-targeted-1.21.8.3 should fix this for rawhide
both are available on
ftp://people.redhat.com/dwalsh/SELinux/{FC3,Fedora}