The Planet Forums > Fedora blocking sendmail access to http.

Full Version: Fedora blocking sendmail access to http.

The Planet Forums > System Administration > Web Hosting

wwwwizard

Aug 3 2008, 11:16 AM

Hi, can anyone help with this?

httpd is trying to use a php library to send an smtp message. This works on 4 servers, but strangely not on the server in question... fedora is stopping it like this:

SELinux is preventing /usr/sbin/sendmail.sendmail (system_mail_t) "read" to eventpoll:[319543287] (httpd_t). For complete SELinux messages. run sealert -l dd5d45f3-7209-4702-8993-260873003918

------------------------

sealert says...
Summary
SELinux is preventing /usr/sbin/sendmail.sendmail (system_mail_t) "read" to
eventpoll:[319543287] (httpd_t).

Detailed Description
SELinux denied access requested by /usr/sbin/sendmail.sendmail. It is not
expected that this access is required by /usr/sbin/sendmail.sendmail and
this access may signal an intrusion attempt. It is also possible that the
specific version or configuration of the application is causing it to
require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for eventpoll:[319543287],
restorecon -v eventpoll:[319543287] If this does not work, there is
currently no automatic way to allow this access. Instead, you can generate
a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Additional Information

Source Context root:system_r:system_mail_t
Target Context root:system_r:httpd_t
Target Objects eventpoll:[319543287] [ file ]
Affected RPM Packages sendmail-8.13.8-2.el5 [application]
Policy RPM selinux-policy-2.4.6-137.1.el5_2
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.catchall_file
Host Name xxxxxxxxxxxxxxxxxx
Platform Linux 2.6.18-53.1.4.el5 #1
SMP Wed Nov 14 10:37:33 EST 2007 i686 i686
Alert Count 1
Line Numbers

Raw Audit Messages

avc: denied { read } for comm="sendmail" dev=eventpollfs egid=51 euid=48
exe="/usr/sbin/sendmail.sendmail" exit=0 fsgid=51 fsuid=48 gid=48 items=0
path="eventpoll:[319543287]" pid=24472 scontext=root:system_r:system_mail_t:s0
sgid=51 subj=root:system_r:system_mail_t:s0 suid=48 tclass=file
tcontext=root:system_r:httpd_t:s0 tty=(none) uid=48

---------------

restorecon -v eventpoll:[319543287]
lstat(eventpoll:[319543287]) failed: No such file or directory

---------------

even setenforce 0 does nothing.

---------------

yum list | grep selinux
libselinux.i386 1.33.4-5.el5 installed
libselinux-python.i386 1.33.4-5.el5 installed
selinux-policy.noarch 2.4.6-137.1.el5_2 installed
selinux-policy-targeted.noarch 2.4.6-137.1.el5_2 installed
libselinux-devel.i386 1.33.4-5.el5 rhel-i386-server
selinux-policy-devel.noarch 2.4.6-137.1.el5_2 rhel-i386-server
selinux-policy-mls.noarch 2.4.6-137.1.el5_2 rhel-i386-server
selinux-policy-strict.noarch 2.4.6-137.1.el5_2 rhel-i386-server

---------------

Any ideas?

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.