
apache + mod_perl + sendmail - FC3 SELinux



FC3 2.6.11-1.14_FC3

SELinux related rpms:
libselinux-1.19.1-8
libselinux-devel-1.19.1-8
selinux-policy-targeted-1.17.30-2.96

perl-5.8.5-9
sendmail-8.13.1-2
httpd-2.0.52-3.1

I am using software from http://software.eprints.org, a web application that uses mod_perl. It sends emails for registering users and forgotten passwords. Anytime an email is fired off, syslog shows this:

Apr 28 21:48:23 dlist kernel: audit(1114750103.574:0): avc: denied { read } for pid=25276 exe=/usr/sbin/httpd name=sendmail dev=dm-0 ino=368559 scontext=root:system_r:httpd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file

I have also tried sending email with PHP's mail() call and it resulted in:

Apr 28 21:48:23 dlist kernel: audit(1114750103.679:0): avc: denied { write } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=dm-0 ino=2310265 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 28 21:48:23 dlist kernel: audit(1114750103.679:0): avc: denied { add_name } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=dfj3T4mNH8025276 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 28 21:48:23 dlist kernel: audit(1114750103.679:0): avc: denied { create } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=dfj3T4mNH8025276 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:23 dlist kernel: audit(1114750103.680:0): avc: denied { getattr } for pid=25276 exe=/usr/sbin/sendmail.sendmail path=/var/spool/clientmqueue/dfj3T4mNH8025276 dev=dm-0 ino=2311458 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:23 dlist kernel: audit(1114750103.680:0): avc: denied { lock } for pid=25276 exe=/usr/sbin/sendmail.sendmail path=/var/spool/clientmqueue/dfj3T4mNH8025276 dev=dm-0 ino=2311458 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:23 dlist kernel: audit(1114750103.680:0): avc: denied { write } for pid=25276 exe=/usr/sbin/sendmail.sendmail path=/var/spool/clientmqueue/dfj3T4mNH8025276 dev=dm-0 ino=2311458 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:23 dlist kernel: audit(1114750103.687:0): avc: denied { read } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=dfj3T4mNH8025276 dev=dm-0 ino=2311458 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:23 dlist kernel: audit(1114750103.696:0): avc: denied { remove_name } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=tfj3T4mNH8025276 dev=dm-0 ino=2311462 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 28 21:48:23 dlist kernel: audit(1114750103.696:0): avc: denied { rename } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=tfj3T4mNH8025276 dev=dm-0 ino=2311462 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:23 dlist kernel: audit(1114750103.696:0): avc: denied { unlink } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=qfj3T4mNH8025276 dev=dm-0 ino=2311461 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:23 dlist kernel: audit(1114750103.696:0): avc: denied { read } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=dm-0 ino=2310265 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 28 21:48:23 dlist kernel: audit(1114750103.901:0): avc: denied { sigchld } for pid=1 exe=/sbin/init scontext=root:system_r:system_mail_t tcontext=user_u:system_r:unconfined_t tclass=process


This is really troubling, since sending email through a CGI application is probably the most basic web application there is. Any help would be greatly appreciated. This is my first time dealing with SELinux, so I am a newbie here. :)

sestatus:
SELinux status:         enabled
SELinuxfs mount:        /selinux
Current mode:           permissive
Mode from config file:  disabled
Policy version:         18
Policy from config file:targeted

Policy booleans:
allow_ypbind            active
dhcpd_disable_trans     inactive
httpd_disable_trans     inactive
httpd_enable_cgi        active
httpd_enable_homedirs   active
httpd_ssi_exec          active
httpd_tty_comm          inactive
httpd_unified           active
mysqld_disable_trans    inactive
named_disable_trans     inactive
named_write_master_zonesinactive
nscd_disable_trans      inactive
ntpd_disable_trans      inactive
portmap_disable_trans   inactive
postgresql_disable_transinactive
snmpd_disable_trans     inactive
squid_disable_trans     inactive
syslogd_disable_trans   inactive
use_nfs_home_dirs       inactive
use_samba_home_dirs     inactive
use_syslogng            inactive
winbind_disable_trans   inactive
ypbind_disable_trans    inactive

I am not sure what other information might be helpful, but ask and you shall receive. :)



cheers,

Joe Roback
<robackja cs arizona edu>


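The denials quoted in the message above can be condensed by source domain, target type and object class, which is the grouping audit2allow also works from. The following is an added example, not part of the original post or of any SELinux tool; the function names are hypothetical, the first four sample lines are copied from the post, and the last one is constructed to show that non-AVC lines are skipped.

```python
import re
from collections import defaultdict

# First four lines are copied from the post; the fifth is a constructed non-AVC line.
SAMPLE = """\
Apr 28 21:48:23 dlist kernel: audit(1114750103.574:0): avc: denied { read } for pid=25276 exe=/usr/sbin/httpd name=sendmail dev=dm-0 ino=368559 scontext=root:system_r:httpd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
Apr 28 21:48:23 dlist kernel: audit(1114750103.679:0): avc: denied { write } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=dm-0 ino=2310265 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 28 21:48:23 dlist kernel: audit(1114750103.679:0): avc: denied { add_name } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=dfj3T4mNH8025276 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr 28 21:48:23 dlist kernel: audit(1114750103.679:0): avc: denied { create } for pid=25276 exe=/usr/sbin/sendmail.sendmail name=dfj3T4mNH8025276 scontext=root:system_r:system_mail_t tcontext=root:object_r:var_spool_t tclass=file
Apr 28 21:48:24 dlist example[1]: constructed line that is not an AVC denial
"""

AVC = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def group_denials(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        m = AVC.search(line)
        if not m:
            continue  # not an AVC denial
        key = (ctx_type(m["s"]), ctx_type(m["t"]), m["cls"])
        grouped[key].update(m["perms"].split())
    return grouped

def summarize(grouped):
    """Render each group in policy 'allow' syntax, as a summary for review."""
    return [
        f"allow {s} {t}:{c} {{ {' '.join(sorted(perms))} }};"
        for (s, t, c), perms in sorted(grouped.items())
    ]

if __name__ == "__main__":
    for line in summarize(group_denials(SAMPLE)):
        print(line)
```

Each output line names the domain, the target type and the class involved, which is the information needed to judge whether a denial points at a missing policy rule or at a file carrying an unexpected label.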