sendmail.postfix avc denied problem

Edy Corak info at ecorak.de
Fri Dec 3 13:49:38 UTC 2004


Daniel J Walsh wrote:
> Edy Corak wrote:
> 
>> Daniel J Walsh wrote:
>>
>>> Edy Corak wrote:
>>>
>>>> Helo List,
>>>>
>>>> i have a problem sending mail from php script.
>>>>
>>>> audit(1101900916.389:0): avc:  denied  { getattr } for  pid=18363 
>>>> exe=/bin/bash path=/usr/sbin/sendmail.postfix dev=md0 ino=7518272 
>>>> scontext=root:system_r:httpd_sys_script_t 
>>>> tcontext=system_u:object_r:sbin_t tclass=file
>>>>
>>>> Everything other works very good with SELinux.
>>>>
>>>> System FC3 Postfix, SELinux enforcing, targeted.
>>>>
>>>> Thank you for any help.
>>>>
>>> Update to the latest policy, should fix this problem.
>>>
>>> Dan
>>>
>>> -- 
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>
>> Thank you very much for your prompt answer.
>>
>> I have updated the policy-targeted to 1.17.30-2.39 but it's the same 
>> problem, no chance to send mail from php script.
>>
>> audit(1102024220.525:0): avc:  denied  { getattr } for  pid=8178 
>> exe=/bin/bash path=/usr/sbin/sendmail.postfix dev=md0 ino=7513871 
>> scontext=root:system_r:httpd_sys_script_t 
>> tcontext=system_u:object_r:sbin_t tclass=file
>>
>> I look at the policy-targeted-source under file_contexts in postfix.fc 
>> there is
>> sendmail.postfix labeled as /usr/sbin/sendmail.postfix -- 
>> system_u:object_r:sendmail_exec_t
>>
>> and under /usr/sbin as system_u:object_r:sbin_t         sendmail.postfix
>>
>> rpm -q -l postfix | restorecon -R -v -f - changes to
>> system_u:object_r:sbin_t         sendmail.postfix
>>
>> which of them is correct ?
>>
>> Sorry for my bad reply before, next time i start i will right click to 
>> new.
>>
>> Thank you very much
>>
>> Edy
>>
>>
> Ok I see the problem.  It will be fixed in 
> selinux-policy-targeted-1.17.30-2.41
> It is already fixed in rawhide (selinux-policy-targeted-1.19.8-1)
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
OK I will wait for the update.

Thank you very much for your help.

Edy

-- 


Edy Corak

E-Mail: info at ecorak.de
Internet: http://www.ecorak.net/

-----




More information about the fedora-selinux-list mailing list