dragoran wrote:
Shintaro Fujiwara wrote:
I tryed to send mails using a php scripts that calls mail() but when
I
do it I get this avc:
audit(1183392777.651:14): avc: denied { read } for pid=25048
comm="sendmail" name="[79366]" dev=eventpollfs ino=79366
scontext=user_u:system_r:system_mail_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=file
the boolean "httpd_can_sendmail" is enabled (true).
I restarted the httpd and sendmail service after doing so... but
still
no success.
Any ideas?
Hi,
Why don't you edit policy and update them ?
Maybe you can do it edditing a few files, and
typing several commands.
If you using postfix, here's what I did.
I made interface for postfix.
########################################
## <summary>
## for xoops sending mail from postfix.
## </summary>
## <param name="domain">
## Domain allowed to sending mails.
## </param>
#
interface(`xoops_send_mail_by_postfix',`
gen_require(`
type bin_t;
type smtp_port_t;
type sendmail_exec_t;
')
allow $1 bin_t:dir search;
allow $1 smtp_port_t:tcp_socket { name_connect send_msg
recv_msg };
allow $1 sendmail_exec_t:file { execute execute_no_trans getattr
read };
')
1. I downloaded source of refpolicy.
2. I copied postfix ones and apache ones to /usr/share/selinux/devel.
3. I edited first line of postfix.te so that the version number becoming
larger than the original one.
4. I added above interface to postfix.if.
5. I added xoops_send_mail_by_postfix(httpd_t) to apache.te and also
edited first line like postfix.
6. #make clean
7. #make
8. #semodule -u postfix.pp
9. #semodule -u apache.pp
did this fix this kind of avcs for you?
What platform and what version of policy. Current policy looks like it
has these rules.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
