httpd can't send mails

Daniel J Walsh dwalsh at redhat.com
Mon Jul 2 20:31:42 UTC 2007 

dragoran wrote:
> Shintaro Fujiwara wrote:
>>> I tryed to send mails using a php scripts that calls mail() but when
>>>     
>> I  
>>> do it I get this avc:
>>> audit(1183392777.651:14): avc:  denied  { read } for  pid=25048 
>>> comm="sendmail" name="[79366]" dev=eventpollfs ino=79366 
>>> scontext=user_u:system_r:system_mail_t:s0 
>>> tcontext=user_u:system_r:httpd_t:s0 tclass=file
>>> the boolean "httpd_can_sendmail" is enabled (true).
>>> I restarted the httpd and sendmail service after doing so... but
>>>     
>> still  
>>> no success.
>>> Any ideas?
>>>     
>>
>> Hi,
>>
>> Why don't you edit policy and update them ?
>> Maybe you can do it edditing a few files, and
>> typing several commands.
>>
>> If you using postfix, here's what I did.
>> I made interface for postfix.
>>
>> ########################################
>> ## <summary>
>> ##      for xoops sending mail from postfix.
>> ## </summary>
>> ## <param name="domain">
>> ##      Domain allowed to sending mails.
>> ## </param>
>> #
>>
>> interface(`xoops_send_mail_by_postfix',`
>>         gen_require(`
>>                 type bin_t;
>>                 type smtp_port_t;
>>                 type sendmail_exec_t;
>>         ')
>>         allow $1 bin_t:dir search;
>>         allow $1 smtp_port_t:tcp_socket { name_connect send_msg
>> recv_msg };
>>         allow $1 sendmail_exec_t:file { execute execute_no_trans getattr
>> read };
>> ')
>>
>>
>> 1. I downloaded source of refpolicy.
>> 2. I copied postfix ones and apache ones to /usr/share/selinux/devel.
>> 3. I edited first line of postfix.te so that the version number becoming
>> larger than the original one.
>> 4. I added above interface to postfix.if.
>> 5. I added xoops_send_mail_by_postfix(httpd_t) to apache.te and also
>> edited first line like postfix.
>> 6. #make clean
>> 7. #make
>> 8. #semodule -u postfix.pp
>> 9. #semodule -u apache.pp
>>
>>   
> did this fix this kind of avcs for you?
What platform and what version of policy.  Current policy looks like it 
has these rules.
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list