Confusion about transition when httpd_t process calls sendmail

Jason L Tibbitts III tibbs at math.uh.edu
Sat Sep 19 00:07:35 UTC 2009


OK, so what's confused me the most, I think, is that a naive
interpretation of httpd_can_sendmail is that calls to sendmail will
simply fail when it's off.  Instead, the context transition just fails
to happen, leading to the sendmail binary running with the wrong context
and generating errors that make it look as if the MTA is misconfigured.

Anyway, problem solved and information saved for posterity.  If,
however, there's interest in making this failure less baffling to
novices, consider actually failing when httpd calls sendmail instead of
simply disabling the change of context (if that's even possible; I've no
idea).

 - J<
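
The failure mode described in the message above can be spotted in the audit log: denials where the command is sendmail but the source domain is still httpd_t. The following is an added example, not part of the original post; the log lines are constructed samples (the Postfix-style target types are an assumption about the MTA), and the function names are hypothetical.

```python
import re

# Constructed sample audit.log lines (not from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1253318855.101:210): avc:  denied  { read } for  pid=4101 comm="sendmail" name="main.cf" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=AVC msg=audit(1253318855.102:211): avc:  denied  { write } for  pid=4101 comm="sendmail" name="maildrop" dev=dm-0 ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=dir
type=AVC msg=audit(1253318860.500:215): avc:  denied  { getattr } for  pid=4200 comm="httpd" path="/srv/data" dev=dm-0 ino=2001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1253318870.700:220): avc:  denied  { read } for  pid=4300 comm="sendmail" name="x" dev=dm-0 ino=3001 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def find_untransitioned(log_text, comm="sendmail", stuck_domain="httpd_t"):
    """Return AVC denials where `comm` is still running in `stuck_domain`."""
    hits = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        # A context is user:role:type:level; the type is the third field.
        sdomain = m.group("scon").split(":")[2]
        if m.group("comm") == comm and sdomain == stuck_domain:
            hits.append({
                "perms": m.group("perms").split(),
                "ttype": m.group("tcon").split(":")[2],
                "tclass": m.group("tclass"),
            })
    return hits

def diagnose(log_text):
    """Explain the likely cause, or return None if the pattern is absent."""
    hits = find_untransitioned(log_text)
    if not hits:
        return None
    targets = sorted({h["ttype"] for h in hits})
    return ("sendmail ran in httpd_t (no domain transition happened); "
            "check `getsebool httpd_can_sendmail` before debugging the MTA. "
            "Denied target types: " + ", ".join(targets))

if __name__ == "__main__":
    print(diagnose(SAMPLE_AUDIT_LOG))
```
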



