> dragoran wrote:
> > Shintaro Fujiwara wrote:
> >>> I tried to send mails using a PHP script that calls mail() but
> >>> when I do it I get this avc:
> >>> audit(1183392777.651:14): avc: denied { read } for pid=25048
> >>> comm="sendmail" name="[79366]" dev=eventpollfs ino=79366
> >>> scontext=user_u:system_r:system_mail_t:s0
> >>> tcontext=user_u:system_r:httpd_t:s0 tclass=file
> >>> the boolean "httpd_can_sendmail" is enabled (true).
> >>> I restarted the httpd and sendmail service after doing so... but
> >>> still no success.
> >>> Any ideas?
> >>>
> >>
> >> Hi,
> >>
> >> Why don't you edit policy and update them?
> >> Maybe you can do it by editing a few files and
> >> typing several commands.
> >>
> >> If you are using postfix, here's what I did.
> >> I made an interface for postfix.
> >>
> >> ########################################
> >> ## <summary>
> >> ##     for xoops sending mail from postfix.
> >> ## </summary>
> >> ## <param name="domain">
> >> ##     Domain allowed to sending mails.
> >> ## </param>
> >> #
> >>
> >> interface(`xoops_send_mail_by_postfix',`
> >>     gen_require(`
> >>         type bin_t;
> >>         type smtp_port_t;
> >>         type sendmail_exec_t;
> >>     ')
> >>     allow $1 bin_t:dir search;
> >>     allow $1 smtp_port_t:tcp_socket { name_connect send_msg recv_msg };
> >>     allow $1 sendmail_exec_t:file { execute execute_no_trans getattr read };
> >> ')
> >>
> >>
> >> 1. I downloaded the source of refpolicy.
> >> 2. I copied the postfix ones and apache ones to /usr/share/selinux/devel.
> >> 3. I edited the first line of postfix.te so that the version number
> >>    becomes larger than the original one.
> >> 4. I added the above interface to postfix.if.
> >> 5. I added xoops_send_mail_by_postfix(httpd_t) to apache.te and also
> >>    edited the first line like postfix.
> >> 6. #make clean
> >> 7. #make
> >> 8. #semodule -u postfix.pp
> >> 9. #semodule -u apache.pp
> >>
> >>
> > did this fix this kind of avcs for you?
> What platform and what version of policy? Current policy looks like it
> has these rules.
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

Oh, I'm now using selinux-policy-strict-2.4.6-13.fc6 on an FC6 server.
I'm now converting my own policies to F7.
You are right. You guys made much progress on that.
I will check if I can send mail from a PHP script, without any errors on F7.
I'm always relying on Dan's page, of course.
Thanks!

Hey, we're having an SELinux meeting in Japan, tomorrow.

Hi, dragoran,

Oh, system_mail_t ...
That is not my case but I think it's close.
Why don't you relabel your mail-agent's exec file to bin_t?