On Fri, 2 Nov 2007 13:58:18 -0500 "Robert C. Auch" <rauch@xxxxxxxxxxxxxxxxxxxxx> wrote: > I just installed a Fedora Core 7 box, ran yum update yesterday, and > installed php5 and apache 2.2.6. SELinux is in Enforcing mode, and > is blocking PHP's mail() function from sending: > > Nov 2 11:05:41 webserver setroubleshoot: SELinux is preventing > the sh from using potentially mislabeled files sendmail.postfix > (sendmail_exec_t). For complete SELinux messages. run sealert -l > c9001c48-5d48-4b7c-9fd7-8400544daa8f > > sealert says: > Source Context user_u:system_r:httpd_t > Target Context system_u:object_r:sendmail_exec_t > Target Objects /usr/sbin/sendmail.postfix [ file ] > Affected RPM Packages postfix-2.4.3-2.fc7 [target] > Policy RPM selinux-policy-2.6.4-48.fc7 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name plugins.httpd_bad_labels > > If I follow sealert's suggestion and "chcon -t > httpd_sys_content_t /usr/sbin/sendmail.postfix", then I get the > following (expected to me) errors in /var/log/messages on "service > postfix restart": Nov 2 13:38:25 $(server) setroubleshoot: > SELinux is preventing postfix-script (postfix_master_t) "getattr" > to /usr/sbin/sendmail.postfix (httpd_sys_content_t). For > complete SELinux messages. run sealert -l > b8bea1cd-10eb-40bc-8d5b-2031b5bceabe > > According to this post: > https://www.redhat.com/archives/fedora-selinux-list/2004-December/msg00033.html, > this problem has been seen before and was fixed in > selinux-policy-targeted-1.19.8-1. Has that fix been lost, or am I > seeing something new? The context change is definitely the wrong thing to do here; you'll need to change it back to system_u:object_r:sendmail_exec_t. Make sure you have the httpd_can_sendmail and httpd_builtin_scripting booleans set: # setsebool -P httpd_can_sendmail 1 # setsebool -P httpd_builtin_scripting 1 Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
