FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 01-10-2012, 09:45 PM
Jeff MacDonald
 
Default Proper settings to allow web server to send mail

Greetings,

On Tuesday, January 10, 2012 05:19:22 PM Steven Stern wrote:
> I found this in my maillog:
>
> Jan 10 13:54:02 scarletfire sendmail[9824]: NOQUEUE: SYSERR(apache): can
> not chdir(/var/spool/clientmqueue/): Permission denied
>
[...snipped...]
>
> What is the proper settings to allow a web server to do whatever it was
> trying to do here... (Or was this something bad that SELINUX prevented)

I would use SMTP instead of calling sendmail directly.

Regards,
J
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 01-10-2012, 10:51 PM
"Jeroen van Meeuwen (Kolab Systems)"
 
Default Proper settings to allow web server to send mail

On 2012-01-10 22:19, Steven Stern wrote:

I found this in my maillog:

Jan 10 13:54:02 scarletfire sendmail[9824]: NOQUEUE: SYSERR(apache):
can

not chdir(/var/spool/clientmqueue/): Permission denied

coming from an AVC:

Jan 10 13:54:02 scarletfire kernel: type=1400
audit(1326225242.351:5):

avc: denied { search } for pid=9824 comm="sendmail"
name="clientmqueue" dev=dm-0 ino=1312124
scontext=system_u:system_r:httpd_t:s0
tcontext=system_ubject_r:mqueue_spool_t:s0 tclass=dir

What is the proper settings to allow a web server to do whatever it
was
trying to do here... (Or was this something bad that SELINUX
prevented)


You'll find the selinux booleans of interest when such things happen.

In this case, I think you're looking for httpd_can_sendmail.

Kind regards,

Jeroen van Meeuwen

--
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
t: +44 144 340 9500
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 01-11-2012, 09:06 AM
Miroslav Grepl
 
Default Proper settings to allow web server to send mail

On 01/11/2012 12:51 AM, Jeroen van Meeuwen (Kolab Systems) wrote:

On 2012-01-10 22:19, Steven Stern wrote:

I found this in my maillog:

Jan 10 13:54:02 scarletfire sendmail[9824]: NOQUEUE: SYSERR(apache): can
not chdir(/var/spool/clientmqueue/): Permission denied

coming from an AVC:

Jan 10 13:54:02 scarletfire kernel: type=1400 audit(1326225242.351:5):
avc: denied { search } for pid=9824 comm="sendmail"
name="clientmqueue" dev=dm-0 ino=1312124
scontext=system_u:system_r:httpd_t:s0
tcontext=system_ubject_r:mqueue_spool_t:s0 tclass=dir

What is the proper settings to allow a web server to do whatever it was
trying to do here... (Or was this something bad that SELINUX prevented)


You'll find the selinux booleans of interest when such things happen.

In this case, I think you're looking for httpd_can_sendmail.

Kind regards,

Jeroen van Meeuwen


Yes, you can find it using

# man httpd_selinux
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 10:14 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org