OK, so what's confused me the most, I think, is that a naive interpretation of httpd_can_sendmail is that calls to sendmail will simply fail when it's off. Instead, the context transition just fails to happen, leading to the sendmail binary running with the wrong context and generating errors that make it look as if the MTA is misconfigured.

Anyway, problem solved and information saved for posterity. If, however, there's interest in making this failure less baffling to novices, consider actually failing when httpd calls sendmail instead of simply disabling the change of context (if that's even possible; I've no idea).

- J<
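A triage check for the symptom described in this message, as an added example that is not part of the original post: it scans audit log lines for AVC denials raised by a `sendmail` process whose source context is still a web-server domain, which indicates the domain transition never happened. The type names `httpd_t` and `httpd_sys_script_t`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: web-server domain types in the targeted policy (not named in the post).
HTTPD_DOMAINS = {"httpd_t", "httpd_sys_script_t"}
MTA_COMMANDS = {"sendmail"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def find_untransitioned_mta(lines):
    """Map each httpd domain to the denials hit by an MTA binary running in it."""
    hits = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m or m["comm"] not in MTA_COMMANDS:
            continue
        source_type = selinux_type(m["scontext"])
        if source_type in HTTPD_DOMAINS:  # MTA still in the caller's domain
            for perm in m["perms"].split():
                hits[source_type].add((perm, m["tclass"], selinux_type(m["tcontext"])))
    return {domain: sorted(found) for domain, found in hits.items()}

# Constructed sample audit.log lines (not taken from a real system).
SAMPLE_LOG = [
    'type=AVC msg=audit(1200000000.101:41): avc:  denied  { read } for  pid=2101 comm="sendmail" name="sendmail.cf" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=file',
    'type=AVC msg=audit(1200000000.102:42): avc:  denied  { write } for  pid=2101 comm="sendmail" name="mqueue" dev=dm-0 ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir',
    'type=AVC msg=audit(1200000000.103:43): avc:  denied  { getattr } for  pid=2200 comm="sendmail" name="x" dev=dm-0 ino=1003 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1200000000.104:44): avc:  denied  { name_connect } for  pid=2050 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket',
    'type=SYSCALL msg=audit(1200000000.104:44): arch=c000003e syscall=42 success=no',
]

if __name__ == "__main__":
    for domain, denials in find_untransitioned_mta(SAMPLE_LOG).items():
        print(f"sendmail ran in {domain}; check `getsebool httpd_can_sendmail`")
        for perm, tclass, target in denials:
            print(f"  denied {perm} on {tclass} labelled {target}")
```

Denials from `sendmail` in its own mail domain, and denials from `httpd` itself, are deliberately left out so that only the missing-transition case is reported.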