httpd can't send mails
Shintaro Fujiwara
shin216 at xf7.so-net.ne.jp
Mon Jul 2 18:47:59 UTC 2007
> I tryed to send mails using a php scripts that calls mail() but when
I
> do it I get this avc:
> audit(1183392777.651:14): avc: denied { read } for pid=25048
> comm="sendmail" name="[79366]" dev=eventpollfs ino=79366
> scontext=user_u:system_r:system_mail_t:s0
> tcontext=user_u:system_r:httpd_t:s0 tclass=file
> the boolean "httpd_can_sendmail" is enabled (true).
> I restarted the httpd and sendmail service after doing so... but
still
> no success.
> Any ideas?
Hi,
Why don't you edit policy and update them ?
Maybe you can do it edditing a few files, and
typing several commands.
If you using postfix, here's what I did.
I made interface for postfix.
########################################
## <summary>
## for xoops sending mail from postfix.
## </summary>
## <param name="domain">
## Domain allowed to sending mails.
## </param>
#
interface(`xoops_send_mail_by_postfix',`
gen_require(`
type bin_t;
type smtp_port_t;
type sendmail_exec_t;
')
allow $1 bin_t:dir search;
allow $1 smtp_port_t:tcp_socket { name_connect send_msg
recv_msg };
allow $1 sendmail_exec_t:file { execute execute_no_trans getattr
read };
')
1. I downloaded source of refpolicy.
2. I copied postfix ones and apache ones to /usr/share/selinux/devel.
3. I edited first line of postfix.te so that the version number becoming
larger than the original one.
4. I added above interface to postfix.if.
5. I added xoops_send_mail_by_postfix(httpd_t) to apache.te and also
edited first line like postfix.
6. #make clean
7. #make
8. #semodule -u postfix.pp
9. #semodule -u apache.pp
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list