selinux and mail() in php code

[Hongwei Li]

Hi,

I posted this message a few days ago, but haven't seen any reply.  Did I
miss some posts?  Here, I include my test code and post it again.  Hope
selinux experts can help me.

My system information --

os:             RedHat FC3 linux, kernel-2.6.10-1.741_FC3, selinux
enforced, iptables enabled
selinux:        selinux-policy-targeted-1.17.30-2.73 (the most update one)
iptables:       iptables-1.2.11-3.1.FC3
web:            httpd-2.0.52-3.1
sendmail:       sendmail-8.13.1-2
php:            php-4.3.10-3.2
SELINUXTYPE     targeted

I have a testing feedback php code for my web site using

mail($toaddress, $subject, $feedback, $fromaddress);

If selinux is disabled, the code works well.  The user ($toaddress)
receives the content ($mailcontent), etc.  However, if selinux is
enforced, the user does not receive it and the system log shows:

Jan 28 14:19:46 pippo kernel: audit(1106943586.048:0): avc:  denied  {
read } for  pid=6801 exe=/usr/sbin/sendmail.sendmail name=clientmqueue
dev=hda3 ino=470506 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir

Should I do something to make it working with selinux enforced?

Is there anybody out there who uses php's mail() function in the "feedback
form" in his web server?  Below is my testing php code.  The only line you
need to change is the first line where you can replace
"your-email-address" with your email address to see if you receive mail or
get error (system log, not from web or email) when selinux is enforced:

<?php

 $toaddress = 'your-email-address';

 $feedback = 'This is a test.';
 $subject = 'Feedback from web';
 $fromaddress = "From: webmaster at your.domain\r\n";

 mail($toaddress, $subject, $feedback, $fromaddress);

?>

Selinux experts: please test this code on your web server and I appreciate
all help!

Hongwei Li