Hello-
System: Fedora Core 3, current
I am using a trouble ticketing system written in PHP (phpSupport) which uses sendmail through calling a perl script provided by the package. Every time phpSupport passes a mail request to sendmail, this audit appears:
Sep 27 12:43:34 apache02 kernel: audit(1127839414.326:11): avc: denied { name_connect } for pid=3948 comm="sendmail" dest=25 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
In /var/log/maillog, sendmail logs this for the email transaction:
Sep 27 12:43:34 apache02 sendmail[3948]: j8RGhYfY003948: from=apache, size=505, class=0, nrcpts=1, msgid=<200509271643.j8RGhYfY003948(a)apache02.qwik.net>, relay=apache@localhost
Sep 27 12:43:34 apache02 sendmail[3948]: j8RGhYfY003948: to=aastaneh(a)cmax2.com, ctladdr=apache (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30505, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Permission denied
I have already submitted a bug report
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168874
and this problem was fixed in FC4... with no real note of fixing it for FC3.
I have already done a touch /.autorelabel and rebooted, but to no avail..
The only fix is to take the results of audit2allow and recompile policy (which worked on my development box).
I am a little wary of building policy from policy-sources on a production machine in order to insert dontaudit rules to stop this denial.. is it possible to build policy on a development server (with the exact architecture) and transplant it into the production machine? If so- what procedure must I follow?
Are there any other solutions?
Amin Astaneh