[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cgiemail and senmail policy

To: "R. Steven Rainwater" <srainwater@xxxxxxx>
Subject: Re: cgiemail and senmail policy
From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Date: Sun, 03 Jul 2005 10:21:27 -0400
Cc: SELinux@xxxxxxxxxxxxx
In-reply-to: <1120169474.17769.60.camel@xxxxxxxxxxxxx>
References: <20050618153949.72823.qmail@xxxxxxxxxxxxxxxxxxxxxxx> <1119137931.11593.53.camel@xxxxxxxxxxxxx> <1120169474.17769.60.camel@xxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.2-7 (X11/20050623)

R. Steven Rainwater wrote:

I'm running a CentOS 4.1 (Red Hat EL) box with an Apache web server. I
thought I'd worked out all the problems with my cgi scripts but a new
one cropped up today. We use the good ol' MIT cgiemail program to handle
form submissions that get sent via sendmail. When someone submits a
form, I get a series of avc errors and no email gets sent. What's the
best way to fix this (i.e. to make Apache able to use cgiemail to send
email via sendmail)?  Here are the errors I'm getting:

Jun 30 16:47:33 orac kernel: audit(1120168053.409:0): avc:  denied  {
write } for  pid=27969 comm=sendmail path=/tmp/filegvNeNa dev=dm-0
ino=948452 scontext=root:system_r:system_mail_t
tcontext=root:object_r:httpd_sys_script_rw_t tclass=file

Jun 30 16:47:33 orac kernel: audit(1120168053.410:0): avc:  denied  {
write } for  pid=27969 comm=sendmail path=/tmp/filegvNeNa dev=dm-0
ino=948452 scontext=root:system_r:system_mail_t
tcontext=root:object_r:httpd_sys_script_rw_t tclass=file

Jun 30 16:47:33 orac kernel: audit(1120168053.410:0): avc:  denied  {
write } for  pid=27969 comm=sendmail path=/tmp/filegvNeNa dev=dm-0
ino=948452 scontext=root:system_r:system_mail_t
tcontext=root:object_r:httpd_sys_script_rw_t tclass=file

Jun 30 16:47:33 orac kernel: audit(1120168053.410:0): avc:  denied  {
read write } for  pid=27969 comm=sendmail path=/tmp/tmpfKM8Top (deleted)
dev=dm-0 ino=948418 scontext=root:system_r:system_mail_t
tcontext=root:object_r:httpd_sys_script_rw_t tclass=file

Jun 30 16:47:33 orac kernel: audit(1120168053.510:0): avc:  denied  {
search } for  pid=27969 comm=sendmail name=www dev=dm-0 ino=556110
scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:httpd_sys_content_t tclass=dir

Jun 30 16:47:33 orac kernel: audit(1120168053.511:0): avc:  denied  {
getattr }
for  pid=27969 comm=sendmail path=/var/www dev=dm-0 ino=556110
scontext=root:system_r:system_mail_t
tcontext=system_u:object_r:httpd_sys_content_t tclass=dir



The system is using selinux-policy-targeted-1.17.30-2.88.

-Steve

Upgrade to    the latest RHEL policy on.

ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u1

Dan

--



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- Re: SELinux Integrated Logging Tool
  - From: Steve G
- dumb newbie questions
  - From: R. Steven Rainwater
- cgiemail and senmail policy
  - From: R. Steven Rainwater

Prev by Date: catman policy
Next by Date: Libre Software Meeting 2005
Previous by thread: cgiemail and senmail policy
Next by thread: SE Linux play machine
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.