selinux and feedback from web
Hongwei Li
hongwei at wustl.edu
Fri Jan 28 20:38:04 UTC 2005
Hi,
My system information --
os: RedHat FC3 linux, kernel-2.6.10-1.741_FC3, selinux
enforced, iptables enabled
selinux: selinux-policy-targeted-1.17.30-2.73 (the most update one)
iptables: iptables-1.2.11-3.1.FC3
web: httpd-2.0.52-3.1
sendmail: sendmail-8.13.1-2
php: php-4.3.10-3.2
SELINUXTYPE targeted
I have a testing feedback php code for my web site using
mail($toaddress, $subject, $mailcontent, $fromaddress);
If selinux is disabled, the code works well. The user ($toaddress)
receives the content ($mailcontent), etc. However, if selinux is
enforced, the user does not receive it and the system log shows:
Jan 28 14:19:46 pippo kernel: audit(1106943586.048:0): avc: denied {
read } for pid=6801 exe=/usr/sbin/sendmail.sendmail name=clientmqueue
dev=hda3 ino=470506 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Should I do something to make it working with selinux enforced?
Thanks!
Hongwei
More information about the fedora-selinux-list
mailing list