FW: SELinux, apache/php and qmail's sendmail
D. Hilbig
selinux at hilbig.name
Tue May 13 18:57:07 UTC 2008
Can someone please help me with this?
-----Original Message-----
From: D. Hilbig [mailto:selinux at hilbig.name]
Sent: Thursday, May 08, 2008 10:14 AM
To: 'fedora-selinux-list at redhat.com'
Subject: SELinux, apache/php and qmail's sendmail
I use qmail instead of sendmail on RHEL v5 and I could use some advice on
setting contexts for qmail's sendmail so that apache/php can use it.
Below are the files and directories involved with qmail's sendmail (and
delivery to queue)
allow apache/php to invoke qmail's sendmail program:
/var/qmail/bin/sendmail
allow qmail's sendmail to invoke qmail-inject program:
/var/qmail/bin/qmail-inject
allow qmail-inject to list the contents of the config files directory:
/var/qmail/control
allow qmail-inject to read the config files it uses:
/var/qmail/control/defaultdomain
/var/qmail/control/deaulthost
/var/qmail/control/idhost
/var/qmail/control/plusdomain
/var/qmail/control/me
allow qmail-inject to invoke qmail-queue program:
/var/qmail/bin/qmail-queue
allow qmail-queue to read the config file used by the 'taps' patch:
/var/qmail/control/taps
allow qmail-queue to put a message into the queue:
(create, edit, delete and link files)
/var/qmail/queue/pid (and subdirectories)
/var/qmail/queue/mess (and subdirectories)
/var/qmail/queue/intd (and subdirectories)
/var/qmail/queue/todo (and subdirectories)
For testing I specified the context "httpd_sys_content_t" but I know that it
isn't the desired context. What context(s) should I specify for the
aforementioned programs, directories and configuration files?
Are there any other things I should do or consider besides setting the
context(s)?
Your guidance is greatly appreciated.
More information about the fedora-selinux-list
mailing list