selinux denial not appearing in logs

How can this happen? It's getting denied, but not appearing in either the audit log or the messages file. Running CentOS 6 fully updated, PHP (Drupal) inside of httpd tries to send mail via postfix (postdrop).

 

When I have setenforce 0, the mail goes through. No errors in any logs (audit.log, error_log, messages).

When I have setenforce 1, the mail gets blocked.  I get this message in httpd error_log:

    sendmail: fatal: execvp /usr/sbin/postdrop: Permission denied
    sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1
    sendmail: fatal: email@xxxxxxxxxxx(48): unable to execute /usr/sbin/postdrop -r: Success

 

I have auditd running. In fact, I regularly use audit2allow to create allow policies on this machine. So I can confidently say normally my SELinux denials get logged in the audit.log. I am at a loss to think of any reason this particular failure is not getting logged the same way my other error messages usually get logged.

 

I believe I can write a custom allow script by hand, but I believe I probably shouldn't, or if I try, it will fail for some reason. 

 

Thanks for your help...

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
