selinux-policy-targeted-2.6.4-49.fc7 blocking httpd from sendmail.postfix
Robert C. Auch
rauch at totalnetsolutions.net
Fri Nov 2 18:58:18 UTC 2007
I just installed a Fedora Core 7 box, ran yum update yesterday, and installed php5 and apache 2.2.6. SELinux is in Enforcing mode, and is blocking PHP's mail() function from sending:
Nov 2 11:05:41 webserver setroubleshoot: SELinux is preventing the sh from using potentially mislabeled files sendmail.postfix (sendmail_exec_t). For complete SELinux messages. run sealert -l c9001c48-5d48-4b7c-9fd7-8400544daa8f
sealert says:
Source Context user_u:system_r:httpd_t
Target Context system_u:object_r:sendmail_exec_t
Target Objects /usr/sbin/sendmail.postfix [ file ]
Affected RPM Packages postfix-2.4.3-2.fc7 [target]
Policy RPM selinux-policy-2.6.4-48.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.httpd_bad_labels
If I follow sealert's suggestion and "chcon -t httpd_sys_content_t /usr/sbin/sendmail.postfix", then I get the following (expected to me) errors in /var/log/messages on "service postfix restart":
Nov 2 13:38:25 $(server) setroubleshoot: SELinux is preventing postfix-script (postfix_master_t) "getattr" to /usr/sbin/sendmail.postfix (httpd_sys_content_t). For complete SELinux messages. run sealert -l b8bea1cd-10eb-40bc-8d5b-2031b5bceabe
According to this post: https://www.redhat.com/archives/fedora-selinux-list/2004-December/msg00033.html, this problem has been seen before and was fixed in selinux-policy-targeted-1.19.8-1. Has that fix been lost, or am I seeing something new?
Thanks,
Robert Auch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20071102/4a72c4a5/attachment.htm>
More information about the fedora-selinux-list
mailing list