SELinux/Sendmail Problem
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 13 22:32:20 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Donald Reader wrote:
> I have narrowed down my SELinux errors to just one while
> using php to send mail via it's mail function. For the life
> of me I can't get this one figured out as I did an updatedb
> so I could try and use locate to find the file that is
> being complained about with no luck at all.
>
> If anyone can shed some light on this I would appreciate it
> greatly. Attached is the sealert with all the info on the problem.
>
> Thank You
> Donald Reader
>
These avc's show sendmail attempting to read files created by the apache
process (mod_php) in /tmp. sendmail is also trying to read a file off
of /usr/share/GeoIP/GeoIP.dat which is labeled usr_t. The easiest thing
for you to do is to build a local policy module
# grep httpd /var/log/audit/audit.log | audit2allow -M myhttp
# semodule -i myhttp.pp
This would allow the mail program to read these files.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfZq3QACgkQrlYvE4MpobMJoACgtUP9awE738qPTceRR1K9fU+H
rM0AoMjM+Xq09iGJfuEjgMRDDnJPSmMs
=bPMH
-----END PGP SIGNATURE-----
More information about the users
mailing list