Hello-
System: Fedora Core 3, current
I am using a trouble ticketing system written in PHP (phpSupport) which uses sendmail through
calling a perl script provided by the package. Every time phpSupport passes a mail request to
sendmail, this audit appears:
Sep 27 12:43:34 apache02 kernel: audit(1127839414.326:11): avc: denied { name_connect } for
pid=3948 comm="sendmail" dest=25 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
In /var/log/maillog, sendmail logs this for the email transaction:
Sep 27 12:43:34 apache02 sendmail[3948]: j8RGhYfY003948: from=apache, size=505, class=0,
nrcpts=1, msgid=<200509271643.j8RGhYfY003948@xxxxxxxxxxxxxxxxx>, relay=apache@localhost
Sep 27 12:43:34 apache02 sendmail[3948]: j8RGhYfY003948: to=aastaneh@xxxxxxxxx, ctladdr=apache
(48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30505, relay=[127.0.0.1] [127.0.0.1],
dsn=4.0.0, stat=Deferred: Permission denied
I have already submitted a bug report https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168874
and this problem was fixed in FC4... with no real note of fixing it for FC3.
I have already did a touch /.autorelabel and rebooted, but to no avail..
The only fix is to take the results of audit2allow and recompile policy (which worked on my
development box).
I am a little wary of building policy from policy-sources on a production machine in order to
insert dontaudit rules to stop this denial.. is it possible to build policy on a development
server (with the exact architecture) and transplant it into the production machine? If so- what
procedure must I follow?
Are there any other solutions?
Amin Astaneh
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
