Kanwar Ranbir Sandhu wrote:
On Tue, 2005-01-02 at 18:58 -0500, Colin Walters wrote:
Hmmm. Surely the SendEmail.pm perl module doesn't scribble on the
postfix queue directly; I don't think that's supported.
I don't know enough about the innards of RT to answer your question.
However, I've sent an email to the RT list about this. Hopefully someone
will chime in; I'll let you know.
Try:
chcon -h -t sendmail_exec_t /usr/sbin/sendmail.postfix
That got rid of the { setrlimit } denial, and produced a new one:
avc: denied { execute } for pid=5736 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
Now, I don't want to confuse the issue, but in RT you define the mail
command as 'sendmail' or 'sendmailpipe'. If using sendmail, then the
arguments are '-oi'. If it's sendmailpipe, the arguments are '-oi -t',
and the location of the sendmail binary must be specified
(/usr/sbin/sendmail).
The above error was generated with the mail command in RT to sendmail.
When I set the mail command to sendmailpipe, I got this denial:
avc: denied { read } for pid=5977 exe=/usr/sbin/httpd name=sendmail
dev=dm-3 ino=277369 scontext=root:system_r:httpd_t
tcontext=user_u:object_r:sbin_t tclass=lnk_file
I then changed the location of the sendmail binary parameter in RT
to /usr/sbin/sendmail.postfix (but kept the mail command as
sendmailpipe):
avc: denied { execute } for pid=6019 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
That's the same denial as the very first one listed above.
I just wanted to point that out. In the past, I have configured RT
with:
mail command: sendmail
arguments: -oi
path: /usr/sbin/sendmail
So, that's what I'll be sticking with, unless something else comes up.
It seems the solution is a little closer...
Regards,
Ranbir
Rather than going down a rathole, could you
setenforce 0
Run both tests and send the avc messages.
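
Added example (not part of the original thread, and not a substitute for audit2allow): a small Python script that rejoins mail-wrapped AVC records like the ones quoted above and groups them by source type, target type and object class, so repeated denials collapse into one entry. The function names are this example's own; the sample input is the three denials copied from the message above.

```python
import re
from collections import defaultdict

# The three denials quoted in the thread, with the mail client's line wrapping kept.
SAMPLE = """\
avc: denied { execute } for pid=5736 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
avc: denied { read } for pid=5977 exe=/usr/sbin/httpd name=sendmail
dev=dm-3 ino=277369 scontext=root:system_r:httpd_t
tcontext=user_u:object_r:sbin_t tclass=lnk_file
avc: denied { execute } for pid=6019 exe=/usr/sbin/sendmail.postfix
name=postdrop dev=dm-3 ino=276825 scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:sbin_t tclass=file
"""

AVC_PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")

def unwrap(text):
    """Rejoin wrapped records: one starts at 'avc:' and ends once tclass= is seen."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if "avc:" in line:
            current = line[line.index("avc:"):]   # drop any syslog/audit prefix
        elif current is not None and line:
            current += " " + line                 # continuation of a wrapped record
        if current is not None and "tclass=" in current:
            records.append(current)
            current = None                        # ignore prose until the next 'avc:'
    return records

def summarize(text):
    """Map (source type, target type, class) -> denied perms, object names, count."""
    summary = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for record in unwrap(text):
        perms = AVC_PERMS.search(record)
        fields = dict(FIELD.findall(record))
        if not perms or "scontext" not in fields or "tcontext" not in fields:
            continue                              # not a complete denial record
        # A context is user:role:type[:level]; the type is the third field.
        key = (fields["scontext"].split(":")[2], fields["tcontext"].split(":")[2], fields["tclass"])
        summary[key]["perms"].update(perms.group(1).split())
        summary[key]["names"].add(fields.get("name", "?"))
        summary[key]["count"] += 1
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), e in sorted(summarize(SAMPLE).items()):
        print(src, "->", f"{tgt}:{cls}", sorted(e["perms"]), sorted(e["names"]), f"x{e['count']}")
```

Run over the output collected after `setenforce 0`, the same grouping shows every distinct denial at once instead of one per attempt.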