SELinux/Sendmail Problem
Donald Reader
fc-list at reader.ws
Wed Mar 12 16:18:47 UTC 2008
I have narrowed down my SELinux errors to just one while
using php to send mail via it's mail function. For the life
of me I can't get this one figured out as I did an updatedb
so I could try and use locate to find the file that is
being complained about with no luck at all.
If anyone can shed some light on this I would appreciate it
greatly. Attached is the sealert with all the info on the problem.
Thank You
Donald Reader
-------------- next part --------------
Summary:
SELinux is preventing the sendmail from using potentially mislabeled files
(2F746D702F2E4E5350522D41464D2D31353135322D62383731303536382E30202864656C6574656429).
Detailed Description:
SELinux has denied sendmail access to potentially mislabeled file(s)
(2F746D702F2E4E5350522D41464D2D31353135322D62383731303536382E30202864656C6574656429).
This means that SELinux will not allow sendmail to use these files. It is common
for users to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up with the
wrong file context which confined applications are not allowed to access.
Allowing Access:
If you want sendmail to access this files, you need to relabel them using
restorecon -v
'2F746D702F2E4E5350522D41464D2D31353135322D62383731303536382E30202864656C6574656429'.
You might want to relabel the entire directory using restorecon -R -v ''.
Additional Information:
Source Context system_u:system_r:system_mail_t:s0
Target Context system_u:object_r:httpd_tmp_t:s0
Target Objects 2F746D702F2E4E5350522D41464D2D31353135322D62383731
303536382E30202864656C6574656429 [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
Host dads.localdomain
Source RPM Packages sendmail-8.14.2-1.fc8
Target RPM Packages
Policy RPM selinux-policy-3.0.8-87.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name home_tmp_bad_labels
Host Name dads.localdomain
Platform Linux dads.localdomain 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Alert Count 2
First Seen Wed 12 Mar 2008 08:36:46 AM PDT
Last Seen Wed 12 Mar 2008 08:49:35 AM PDT
Local ID ae241a7f-d927-4403-a678-59664db37886
Line Numbers
Raw Audit Messages
host=dads.localdomain type=AVC msg=audit(1205336975.827:1839): avc: denied { read write } for pid=29080 comm="sendmail" path=2F746D702F2E4E5350522D41464D2D31353135322D62383731303536382E30202864656C6574656429 dev=sda8 ino=48968 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=file
host=dads.localdomain type=AVC msg=audit(1205336975.827:1839): avc: denied { read } for pid=29080 comm="sendmail" path="/usr/share/GeoIP/GeoIP.dat" dev=sdb1 ino=6325960 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
host=dads.localdomain type=SYSCALL msg=audit(1205336975.827:1839): arch=40000003 syscall=11 success=yes exit=0 a0=8a0a2d0 a1=8a0a440 a2=8a09750 a3=40 items=2 ppid=15193 pid=29080 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=51 sgid=51 fsgid=51 tty=(none) comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0 key=(null)
host=dads.localdomain type=CWD msg=audit(1205336975.827:1839): cwd="/var/www/vhosts/Projects/Php4/Links/httpdocs"
host=dads.localdomain type=PATH msg=audit(1205336975.827:1839): item=0 name="/usr/sbin/sendmail" inode=6182037 dev=08:11 mode=0102755 ouid=0 ogid=51 rdev=00:00 obj=system_u:object_r:sendmail_exec_t:s0
host=dads.localdomain type=PATH msg=audit(1205336975.827:1839): item=1 name=(null) inode=4228847 dev=08:11 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
More information about the fedora-list
mailing list