Kanwar Ranbir Sandhu wrote:
On Wed, 2005-02-02 at 12:42 -0500, Daniel J Walsh wrote:There is a bug in targeted policy that allows the system to transition from unconfined_t to httpd_sys_script_t even
For the time being you might want to change the
turn httpd transitioning off.
setsebool -P httpd_disable_trans 1
I gave that a shot, but it doesn't work. A denial is still reported:
avc: denied { search } for pid=6904 exe=/usr/sbin/sendmail.postfix name=postfix dev=dm-5 ino=34833 scontext=root:system_r:system_mail_t tcontext=system_u:object_r:mail_spool_t tclass=dir
BTW, the error reported in /var/log/maillog is this:
postfix/sendmail[6904]: fatal: chdir /var/spool/postfix: Permission denied
Email is making it's way into RT because tickets are being created. It's just the auto replies from RT that aren't making it out. Basically, RT is not being allowed to SEND email.
Since I'm still running tests on RT (just upgraded), I'm going to set SElinux to permissive mode. I'm sure I'm going to run into other problems with selinux.
Regards,
Ranbir
if httpd_disable_trans is set.
selinux-policy-targeted-1.17.30-2.76 should fix this for FC3 selinux-policy-targeted-1.21.8.3 should fix this for rawhide
both are available on ftp://people.redhat.com/dwalsh/SELinux/{FC3,Fedora}
