-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 D. Hilbig wrote: | Can someone please help me with this? | | | | -----Original Message----- | From: D. Hilbig [mailto:selinux@xxxxxxxxxxx] | Sent: Thursday, May 08, 2008 10:14 AM | To: 'fedora-selinux-list@xxxxxxxxxx' | Subject: SELinux, apache/php and qmail's sendmail | | | I use qmail instead of sendmail on RHEL v5 and I could use some advice on | setting contexts for qmail's sendmail so that apache/php can use it. | | Below are the files and directories involved with qmail's sendmail (and | delivery to queue) | | allow apache/php to invoke qmail's sendmail program: | /var/qmail/bin/sendmail | potentially sendmail_exec_t? semanage fcontext -a -t bin_t /var/qmail/bin/sendmail | allow qmail's sendmail to invoke qmail-inject program: | /var/qmail/bin/qmail-inject | All of the files in this directory should be labeled bin_t If not you can add this context by executing semanage fcontext -a -t bin_t '/var/qmail/bin(/.*)?' restorecon -R -v /var/qmail/bin | allow qmail-inject to list the contents of the config files directory: | /var/qmail/control | | allow qmail-inject to read the config files it uses: | /var/qmail/control/defaultdomain | /var/qmail/control/deaulthost | /var/qmail/control/idhost | /var/qmail/control/plusdomain | /var/qmail/control/me | | allow qmail-inject to invoke qmail-queue program: | /var/qmail/bin/qmail-queue | | allow qmail-queue to read the config file used by the 'taps' patch: | /var/qmail/control/taps | | allow qmail-queue to put a message into the queue: | (create, edit, delete and link files) | /var/qmail/queue/pid (and subdirectories) | /var/qmail/queue/mess (and subdirectories) | /var/qmail/queue/intd (and subdirectories) | /var/qmail/queue/todo (and subdirectories) | semanage fcontext -a -t mail_spool_t '/var/qmail/queue(/.*)?' restorecon -R -v /var/qmail/queuue | | | For testing I specified the context "httpd_sys_content_t" but I know that it | isn't the desired context. What context(s) should I specify for the | aforementioned programs, directories and configuration files? | | Are there any other things I should do or consider besides setting the | context(s)? | | Your guidance is greatly appreciated. | | -- I would try something like the above. | fedora-selinux-list mailing list | fedora-selinux-list@xxxxxxxxxx | https://www.redhat.com/mailman/listinfo/fedora-selinux-list After you make the changes above run the -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkgq6dAACgkQrlYvE4MpobOKOACeJGjZETm7I8XWt3WYdQvtM1Z9 s+sAniRXcYS4C2iZfCMHXosn005b0TZ3 =GXq9 -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
