On Tue, 2005-02-01 at 10:22 -0500, Kanwar Ranbir Sandhu wrote:
> avc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
> dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
>
> avc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
> dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
Hmmm. Surely the SendEmail.pm perl module doesn't scribble on the
postfix queue directly; I don't think that's supported.
> avc: denied { setrlimit } for pid=2856 exe=/usr/sbin/sendmail.postfix
> scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t
> tclass=process
It looks like there was no transition to system_mail_t
because /usr/sbin/sendmail.postfix isn't labeled as sendmail_exec_t in
the targeted policy.
Try:
chcon -h -t sendmail_exec_t /usr/sbin/sendmail.postfix
