Request Tracker 3

Kanwar Ranbir Sandhu m3freak at rogers.com
Wed Feb 2 14:46:25 UTC 2005


On Tue, 2005-01-02 at 18:58 -0500, Colin Walters wrote:
> Hmmm.  Surely the SendEmail.pm perl module doesn't scribble on the
> postfix queue directly; I don't think that's supported.

I don't know enough about the innards of RT to answer your question.
However, I've sent an email to the RT list about this.  Hopefully somone
will chime in;  I'll let you know.

> Try:
> 
> chcon -h -t sendmail_exec_t /usr/sbin/sendmail.postfix

That got rid of the { setrlimit } denial, and produced a new one:

avc:  denied  { execute } for  pid=5736 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file


Now, I don't want to confuse the issue, but in RT you define the mail
command as 'sendmail' or 'sendmailpipe'.  If using sendmail, then the
arguements are '-oi'.  If it's sendmailpipe, the arguements are '-oi -
t', and the location of the sendmail binary must be specified
(/usr/sbin/sendmail).

The above error was generated with the mail command in RT to sendmail.
When I set the mail command to sendmailpipe, I got this denial:

avc:  denied  { read } for  pid=5977 exe=/usr/sbin/httpd name=sendmail
dev=dm-3 ino=277369 scontext=root:system_r:httpd_t
tcontext=user_u:object_r:sbin_t tclass=lnk_file


I then changed the location of the sendmail binary parameter in RT
to /usr/sbin/sendmail.postfix (but kept the mail command as
sendmailpipe):

avc:  denied  { execute } for  pid=6019 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file

That's the same denial as the very first one listed above.

I just wanted to point that out.  In the past, I have configured RT
with:

mail command: sendmail
arguements: -oi
path: /usr/sbin/sendmail

So, that's what I'll be sticking with, unless something else comes up.

It seems the solution is a little closer...

Regards,

Ranbir
-- 
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com




More information about the fedora-selinux-list mailing list