SELinux/Sendmail Problem
Brian Chadwick
brianchad at westnet.com.au
Fri Mar 14 02:08:28 UTC 2008
Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Donald Reader wrote:
>
>> I have narrowed down my SELinux errors to just one while
>> using php to send mail via it's mail function. For the life
>> of me I can't get this one figured out as I did an updatedb
>> so I could try and use locate to find the file that is
>> being complained about with no luck at all.
>>
>> If anyone can shed some light on this I would appreciate it
>> greatly. Attached is the sealert with all the info on the problem.
>>
>> Thank You
>> Donald Reader
>>
>>
> These avc's show sendmail attempting to read files created by the apache
> process (mod_php) in /tmp. sendmail is also trying to read a file off
> of /usr/share/GeoIP/GeoIP.dat which is labeled usr_t. The easiest thing
> for you to do is to build a local policy module
>
>
> # grep httpd /var/log/audit/audit.log | audit2allow -M myhttp
> # semodule -i myhttp.pp
>
> This would allow the mail program to read these files.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkfZq3QACgkQrlYvE4MpobMJoACgtUP9awE738qPTceRR1K9fU+H
> rM0AoMjM+Xq09iGJfuEjgMRDDnJPSmMs
> =bPMH
> -----END PGP SIGNATURE-----
>
>
also in Applications > SELinux Management, change the boolean "Allow
http daemon to send mail" to yes.
More information about the users
mailing list