FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 01-15-2008, 12:34 PM
Sietjp
 
Default SELinux newbie

Hi all,
Sorry for this newbie post.
I'm running fedora 8 and lamp.
All is wroking fine except of emails. Apache is not able to send emails via
sendmail.

I tried setenforce 0, and then all is working fine.

But as I'm not a lazy guy, I would like to keep SELInux active and understand
what is giong wrong.

Please help
I don't ask for the solution but maybe a starting point or a link, thx

JP

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 12:48 PM
Stephen Smalley
 
Default SELinux newbie

On Tue, 2008-01-15 at 14:34 +0100, Sietjp wrote:
>
> Hi all,
> Sorry for this newbie post.
> I'm running fedora 8 and lamp.
> All is wroking fine except of emails. Apache is not able to send emails via
> sendmail.
>
> I tried setenforce 0, and then all is working fine.
>
> But as I'm not a lazy guy, I would like to keep SELInux active and understand
> what is giong wrong.
>
> Please help
> I don't ask for the solution but maybe a starting point or a link, thx

If you install setroubleshoot (yum install setroubleshoot), it can
detect and report SELinux denials to you in a more friendly manner,
either via desktop alert or via email if it is a server.

Or you can look at the audit logs (/sbin/ausearch -i -m AVC) or system
logs (grep avc /var/log/messages) to see what denials are being
generated, and report those to this list.

audit2allow can help you work around denials, but you should post the
denials to get guidance on the proper fix. setroubleshoot can sometimes
help as well with pointing you in the right direction.

Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 12:49 PM
Eric Paris
 
Default SELinux newbie

setsebool -P httpd_can_sendmail 1

if you have more httpd questions see
man (8) httpd_selinux

(oh yeah, dwalsh, httpd_can_sendmail isn't in that man page wanna add
it?)

-Eric


On Tue, 2008-01-15 at 14:34 +0100, Sietjp wrote:
>
> Hi all,
> Sorry for this newbie post.
> I'm running fedora 8 and lamp.
> All is wroking fine except of emails. Apache is not able to send emails via
> sendmail.
>
> I tried setenforce 0, and then all is working fine.
>
> But as I'm not a lazy guy, I would like to keep SELInux active and understand
> what is giong wrong.
>
> Please help
> I don't ask for the solution but maybe a starting point or a link, thx
>
> JP
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 12:53 PM
Steven Stern
 
Default SELinux newbie

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/15/2008 07:34 AM, Sietjp wrote:
|
| Hi all,
| Sorry for this newbie post.
| I'm running fedora 8 and lamp.
| All is wroking fine except of emails. Apache is not able to send
emails via
| sendmail.
|
| I tried setenforce 0, and then all is working fine.
|
| But as I'm not a lazy guy, I would like to keep SELInux active and
understand
| what is giong wrong.
|
| Please help
| I don't ask for the solution but maybe a starting point or a link, thx
|
| JP
|
setsebool -P httpd_can_network_connect=1

If you run with the gui active for a while, the SELinux Troubleshooter
will pop up with this answer. It can also be run from APPLICATIONS ->
SYSTEM TOOLS.

- --

~ Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHjLrseERILVgMyvARAhjFAJ4kz4GjOYdYuL0AuLA7jy aTz96Y8ACfa57i
5NYxMBxwtVfcIGeIT1gAVUA=
=FRWA
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 01:16 PM
Sietjp
 
Default SELinux newbie

Thx Eric,

I tried and it still cause permission denied.

Actually this morning I've done :

chcon -t httpd_sys_content_t /usr/sbin/sendmail.sendmail

Could it be the reason why it still doesn't work ?

Thanks
JP

> setsebool -P httpd_can_sendmail 1
>
> if you have more httpd questions see
> man (8) httpd_selinux
>
> (oh yeah, dwalsh, httpd_can_sendmail isn't in that man page wanna add
> it?)
>
> -Eric
>
>
> On Tue, 2008-01-15 at 14:34 +0100, Sietjp wrote:
> >
> > Hi all,
> > Sorry for this newbie post.
> > I'm running fedora 8 and lamp.
> > All is wroking fine except of emails. Apache is not able to send emails via
> > sendmail.
> >
> > I tried setenforce 0, and then all is working fine.
> >
> > But as I'm not a lazy guy, I would like to keep SELInux active and
> understand
> > what is giong wrong.
> >
> > Please help
> > I don't ask for the solution but maybe a starting point or a link, thx
> >
> > JP
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 01:22 PM
Stephen Smalley
 
Default SELinux newbie

On Tue, 2008-01-15 at 15:16 +0100, Sietjp wrote:
> Thx Eric,
>
> I tried and it still cause permission denied.
>
> Actually this morning I've done :
>
> chcon -t httpd_sys_content_t /usr/sbin/sendmail.sendmail
>
> Could it be the reason why it still doesn't work ?

Yes, run 'restorecon -v /usr/sbin/sendmail.sendmail'.

>
> Thanks
> JP
>
> > setsebool -P httpd_can_sendmail 1
> >
> > if you have more httpd questions see
> > man (8) httpd_selinux
> >
> > (oh yeah, dwalsh, httpd_can_sendmail isn't in that man page wanna add
> > it?)
> >
> > -Eric
> >
> >
> > On Tue, 2008-01-15 at 14:34 +0100, Sietjp wrote:
> > >
> > > Hi all,
> > > Sorry for this newbie post.
> > > I'm running fedora 8 and lamp.
> > > All is wroking fine except of emails. Apache is not able to send emails via
> > > sendmail.
> > >
> > > I tried setenforce 0, and then all is working fine.
> > >
> > > But as I'm not a lazy guy, I would like to keep SELInux active and
> > understand
> > > what is giong wrong.
> > >
> > > Please help
> > > I don't ask for the solution but maybe a starting point or a link, thx
> > >
> > > JP
> > >
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 01:28 PM
Daniel J Walsh
 
Default SELinux newbie

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sietjp wrote:
> Thx Eric,
>
> I tried and it still cause permission denied.
>
> Actually this morning I've done :
>
> chcon -t httpd_sys_content_t /usr/sbin/sendmail.sendmail
>
> Could it be the reason why it still doesn't work ?
>
> Thanks
> JP
>
>> setsebool -P httpd_can_sendmail 1
>>
>> if you have more httpd questions see
>> man (8) httpd_selinux
>>
>> (oh yeah, dwalsh, httpd_can_sendmail isn't in that man page wanna add
>> it?)
>>
>> -Eric
>>
>>
>> On Tue, 2008-01-15 at 14:34 +0100, Sietjp wrote:
>>> Hi all,
>>> Sorry for this newbie post.
>>> I'm running fedora 8 and lamp.
>>> All is wroking fine except of emails. Apache is not able to send emails via
>>> sendmail.
>>>
>>> I tried setenforce 0, and then all is working fine.
>>>
>>> But as I'm not a lazy guy, I would like to keep SELInux active and
>> understand
>>> what is giong wrong.
>>>
>>> Please help
>>> I don't ask for the solution but maybe a starting point or a link, thx
>>>
>>> JP
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>
>
Yes.

restorecon /usr/sbin/sendmail.sendmail
setsebool -P httpd_can_sendmail 1

Should fix it.

Also install setroubleshoot

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeMwwoACgkQrlYvE4MpobNpdACfcbu40tzHU0 h4FL745KzlcQou
rdIAniMQbxz3l0GFoeoe4lKvcffwgcS3
=7jQU
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 01:29 PM
Daniel J Walsh
 
Default SELinux newbie

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steven Stern wrote:
> On 01/15/2008 07:34 AM, Sietjp wrote:
> |
> | Hi all,
> | Sorry for this newbie post.
> | I'm running fedora 8 and lamp.
> | All is wroking fine except of emails. Apache is not able to send
> emails via
> | sendmail.
> |
> | I tried setenforce 0, and then all is working fine.
> |
> | But as I'm not a lazy guy, I would like to keep SELInux active and
> understand
> | what is giong wrong.
> |
> | Please help
> | I don't ask for the solution but maybe a starting point or a link, thx
> |
> | JP
> |
> setsebool -P httpd_can_network_connect=1
>
> If you run with the gui active for a while, the SELinux Troubleshooter
> will pop up with this answer. It can also be run from APPLICATIONS ->
> SYSTEM TOOLS.
>

httpd_can_sendmail, only opens the mail ports for connections,
can_network_connect opens any port.
- --
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeMw0MACgkQrlYvE4MpobMvywCcCK+cREffBC BDM5HBDzXQH22F
Vf0An36aV0/RoSP9oF6MYjaeydCNiHIN
=rVlJ
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 02:46 PM
"Clarkson, Mike R (US SSA)"
 
Default SELinux newbie

Is httpd_can_sendmail new? I don't see it in booleans.conf in RHEL5.1

> -----Original Message-----
> From: fedora-selinux-list-bounces@redhat.com
[mailto:fedora-selinux-list-
> bounces@redhat.com] On Behalf Of Daniel J Walsh
> Sent: Tuesday, January 15, 2008 6:29 AM
> To: Steven Stern
> Cc: fedora-selinux-list@redhat.com
> Subject: Re: SELinux newbie
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steven Stern wrote:
> > On 01/15/2008 07:34 AM, Sietjp wrote:
> > |
> > | Hi all,
> > | Sorry for this newbie post.
> > | I'm running fedora 8 and lamp.
> > | All is wroking fine except of emails. Apache is not able to send
> > emails via
> > | sendmail.
> > |
> > | I tried setenforce 0, and then all is working fine.
> > |
> > | But as I'm not a lazy guy, I would like to keep SELInux active and
> > understand
> > | what is giong wrong.
> > |
> > | Please help
> > | I don't ask for the solution but maybe a starting point or a link,
thx
>
> > |
> > | JP
> > |
> > setsebool -P httpd_can_network_connect=1
> >
> > If you run with the gui active for a while, the SELinux
Troubleshooter
> > will pop up with this answer. It can also be run from APPLICATIONS
->
> > SYSTEM TOOLS.
> >
>
> httpd_can_sendmail, only opens the mail ports for connections,
> can_network_connect opens any port.
> - --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkeMw0MACgkQrlYvE4MpobMvywCcCK+cREffBC BDM5HBDzXQH22F
> Vf0An36aV0/RoSP9oF6MYjaeydCNiHIN
> =rVlJ
> -----END PGP SIGNATURE-----
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-15-2008, 06:10 PM
Daniel J Walsh
 
Default SELinux newbie

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Clarkson, Mike R (US SSA) wrote:
> Is httpd_can_sendmail new? I don't see it in booleans.conf in RHEL5.1
>
Newer the RHEL5. :^(

>> -----Original Message-----
>> From: fedora-selinux-list-bounces@redhat.com
> [mailto:fedora-selinux-list-
>> bounces@redhat.com] On Behalf Of Daniel J Walsh
>> Sent: Tuesday, January 15, 2008 6:29 AM
>> To: Steven Stern
>> Cc: fedora-selinux-list@redhat.com
>> Subject: Re: SELinux newbie
>>
> Steven Stern wrote:
>>>> On 01/15/2008 07:34 AM, Sietjp wrote:
>>>> |
>>>> | Hi all,
>>>> | Sorry for this newbie post.
>>>> | I'm running fedora 8 and lamp.
>>>> | All is wroking fine except of emails. Apache is not able to send
>>>> emails via
>>>> | sendmail.
>>>> |
>>>> | I tried setenforce 0, and then all is working fine.
>>>> |
>>>> | But as I'm not a lazy guy, I would like to keep SELInux active and
>>>> understand
>>>> | what is giong wrong.
>>>> |
>>>> | Please help
>>>> | I don't ask for the solution but maybe a starting point or a link,
>> thx
>
>>>> |
>>>> | JP
>>>> |
>>>> setsebool -P httpd_can_network_connect=1
>>>>
>>>> If you run with the gui active for a while, the SELinux
>> Troubleshooter
>>>> will pop up with this answer. It can also be run from APPLICATIONS
>> ->
>>>> SYSTEM TOOLS.
>>>>
> httpd_can_sendmail, only opens the mail ports for connections,
> can_network_connect opens any port.
>>
- --
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeNBTQACgkQrlYvE4MpobN8LACfTrzIliDQeo dd5xiRpu9YFEDl
cyMAn2e3S5bKWZuQe88ZKctkPfctnROM
=axAX
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 08:59 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org