Re: Allow apache to send mail?
Daniel J Walsh said the following on 07/12/2005 21:24:
Robin Bowes wrote:
> Hi,
>
> Can anyone tell me how to allow apache (httpd) to send mail, i.e. to use
> the smtp port?
>
> I'm trying to enable notifications in Trac and am seeing this in the
> audit log:
>
> type=AVC msg=audit(1133985478.317:38): avc: denied { name_connect }
> for pid=2175 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t
> tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
> type=SYSCALL msg=audit(1133985478.317:38): arch=c000003e syscall=42
> success=no exit=-13 a0=11 a1=2aaab21569f0 a2=10 a3=0 items=0 pid=2175
> auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
> fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
> type=SOCKADDR msg=audit(1133985478.317:38):
> saddr=020000195433A04E0000000000000000
>
> How do I modify my policy to allow this?
Easiest way is
setsebool -P httpd_can_network_connect=1
Daniel,
Thanks.
I came up with the following:
allow httpd_t smtp_port_t:tcp_socket name_connect;
CAn this be added to the std policy? Or preferably added as a boolean, e.g.:
setsebool -P httpd_can_send_mail
R.