On Wed, 28 Dec 2011 18:04:30 -0500
Edward Ned Harvey <selinuxadmin@xxxxxxxxxxxxxxx> wrote:

> How can this happen? It's getting denied, but not appearing in
> either the audit log or the messages file. Running Centos 6 fully
> updated, php (drupal) inside of httpd tries to send mail via postfix
> (postdrop).
>
> When I have setenforce 0, the mail goes through. No errors in any
> logs (audit.log, error_log, messages)
>
> When I have setenforce 1, the mail gets blocked. I get this message
> in httpd error_log:
>
> sendmail: fatal: execvp /usr/sbin/postdrop: Permission denied
> sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1
> sendmail: fatal: email@xxxxxxxxxxx(48): unable to execute /usr/sbin/postdrop -r: Success
>
> I have auditd running. In fact, I regularly use audit2allow to
> create allow policies on this machine. So I can confidently say
> normally my selinux denials get logged in the audit.log. I am at a
> loss to think of any reason this particular failure is not getting
> logged the same way my other error messages usually get logged.
>
> I believe I can write a custom allow script by hand, but I believe I
> probably shouldn't, or if I try, it will fail for some reason.
>
> Thanks for your help...

The denials you're getting are probably being dontaudit-ed. See:

http://danwalsh.livejournal.com/11673.html

Paul.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
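
One way to confirm that dontaudit rules are hiding the denials, as an added example that is not part of the original thread: rebuild the policy with dontaudit rules disabled (`semodule -DB`), reproduce the failure, list the AVC records for the commands named in error_log, then rebuild normally. The function names and script layout are hypothetical; it assumes root on the affected host and a running auditd.

```shell
#!/bin/sh
# Added example: surface SELinux denials that dontaudit rules keep out of audit.log.
# Assumes root on the affected host and auditd running; function names are
# hypothetical, and "sendmail"/"postdrop" are the commands named in error_log.

# Keep only AVC denial records whose comm= field is one of the given commands.
# Reads audit records on stdin (from ausearch or a saved copy of audit.log).
avc_denials_for() {
    pattern=$(printf '%s\n' "$@" | paste -sd'|' -)
    grep -E 'type=AVC .*avc: +denied' | grep -E "comm=\"($pattern)\""
}

# Reduce records to unique "scontext tcontext tclass" triples.
summarise_avc() {
    sed -n 's/.*scontext=\([^ ]*\) tcontext=\([^ ]*\) tclass=\([^ ]*\).*/\1 \2 \3/p' |
        sort -u
}

# Rebuild the policy without dontaudit rules, wait for the failure to be
# reproduced, print the matching denials, then restore the dontaudit rules.
show_hidden_denials() {
    semodule -DB || return 1                 # -D disables dontaudit, -B rebuilds
    trap 'semodule -B; exit 130' INT TERM    # restore the rules if interrupted
    printf 'Reproduce the failing mail send, then press Enter: '
    read -r reply
    ausearch -m avc -ts recent 2>/dev/null | avc_denials_for "$@" | summarise_avc
    semodule -B                              # re-enable dontaudit rules
    trap - INT TERM
}

# The policy is only touched on request: sh hidden-avc.sh run sendmail postdrop
if [ "${1:-}" = "run" ]; then
    shift
    show_hidden_denials "$@"
fi
```

Records that appear while dontaudit rules are disabled can be reviewed like any other denial before deciding whether a policy change is warranted.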