On Tue, 2005-01-02 at 18:58 -0500, Colin Walters wrote:
> Hmmm. Surely the SendEmail.pm perl module doesn't scribble on the
> postfix queue directly; I don't think that's supported.

I don't know enough about the innards of RT to answer your question.
However, I've sent an email to the RT list about this. Hopefully someone
will chime in; I'll let you know.

> Try:
>
> chcon -h -t sendmail_exec_t /usr/sbin/sendmail.postfix

That got rid of the { setrlimit } denial, and produced a new one:

avc: denied { execute } for pid=5736 exe=/usr/sbin/sendmail.postfix name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t tclass=file

Now, I don't want to confuse the issue, but in RT you define the mail
command as 'sendmail' or 'sendmailpipe'. If using sendmail, then the
arguments are '-oi'. If it's sendmailpipe, the arguments are '-oi - t',
and the location of the sendmail binary must be specified
(/usr/sbin/sendmail).

The above error was generated with the mail command in RT set to
sendmail. When I set the mail command to sendmailpipe, I got this denial:

avc: denied { read } for pid=5977 exe=/usr/sbin/httpd name=sendmail dev=dm-3 ino=277369 scontext=root:system_r:httpd_t tcontext=user_u:object_r:sbin_t tclass=lnk_file

I then changed the location of the sendmail binary parameter in RT to
/usr/sbin/sendmail.postfix (but kept the mail command as sendmailpipe):

avc: denied { execute } for pid=6019 exe=/usr/sbin/sendmail.postfix name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t tclass=file

That's the same denial as the very first one listed above. I just wanted
to point that out.

In the past, I have configured RT with:

mail command: sendmail
arguments: -oi
path: /usr/sbin/sendmail

So, that's what I'll be sticking with, unless something else comes up.

It seems the solution is a little closer...

Regards,

Ranbir

--
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com
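
Added example, not part of the original message: a short Python parser that groups the three AVC denials quoted above by source type, target type, class, permission, executable and object name while ignoring the pid, which shows that the first and third are the same denial. The function names `parse_avc` and `summarize` are chosen for this example.

```python
import re
from collections import Counter

# The three denials quoted in the message above, one per line.
DENIALS = """\
avc: denied { execute } for pid=5736 exe=/usr/sbin/sendmail.postfix name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t tclass=file
avc: denied { read } for pid=5977 exe=/usr/sbin/httpd name=sendmail dev=dm-3 ino=277369 scontext=root:system_r:httpd_t tcontext=user_u:object_r:sbin_t tclass=lnk_file
avc: denied { execute } for pid=6019 exe=/usr/sbin/sendmail.postfix name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:sbin_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    # A context is user:role:type[:level]; policy rules refer to the type.
    sctx = fields.get("scontext", "").split(":")
    tctx = fields.get("tcontext", "").split(":")
    if len(sctx) < 3 or len(tctx) < 3 or "tclass" not in fields:
        return None
    return {
        "perms": tuple(m.group("perms").split()),
        "exe": fields.get("exe", "?"),
        "name": fields.get("name", "?"),
        "source_type": sctx[2],
        "target_type": tctx[2],
        "tclass": fields["tclass"],
    }

def summarize(text):
    """Count denials per (source type, target type, class, perms, exe, name)."""
    counts = Counter()
    for line in text.splitlines():
        d = parse_avc(line)
        if d:
            counts[(d["source_type"], d["target_type"], d["tclass"],
                    d["perms"], d["exe"], d["name"])] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perms, exe, name), n in summarize(DENIALS).items():
        print(f"{n}x {exe} -> {name}: {src} denied {{ {' '.join(perms)} }} on {tgt}:{cls}")
```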