[CentOS] selinux - centos 6.3 - mail

Gregory P. Ennis PoMec at PoMec.Net
Mon Dec 24 16:51:14 UTC 2012


Everyone,

I recently had a disc drive failure on a centos 5.8 internal mail
server.  I replaced the drive and installed centos 6.3.   I had selinux
turned off on the 5.8 machine, and with the upgrade to 6.3 decided to
leave selinux active with the hopes I had learned enough to be able to
use it.

I have a couple of Perl scripts that are activated by email and that print
the contents of the mail packet on a printer.  I have been able to fix
the temporary directories that are used with changes of selinux
permissions, but I have not been able to make everything work with the
command:

$arg = ("lp -o raw -d $LPT  $MAILFILEO");
system($arg);

I get the following log entry:

Can't exec "lp": Permission denied at /usr/local/bin/s.printer.process
line 190, <FILEI> line 19.

Any ideas how I can get 'lp' to accept usage from the 'mail' user
account?  Everything works ok when selinux is turned off.  I would like
to keep it on at this point.

Thanks,

Greg Ennis

Forgot to put in the results of ausearch -m avc:

type=SYSCALL msg=audit(1356364738.939:49185): arch=40000003 syscall=11 success=no exit=-13 a0=bfd992c5 a1=89c6df0 a2=89b8d58 a3=89b8d82 items=0 ppid=31198 pid=31200 auid=0 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=104 comm="s.printer.proce" exe="/usr/bin/perl" subj=unconfined_u:system_r:sendmail_t:s0 key=(null)
type=AVC msg=audit(1356364738.939:49185): avc:  denied  { execute } for  pid=31200 comm="s.printer.proce" name="lp.cups" dev=sda7 ino=1064276 scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file
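
Added example, not part of the original post: a small Python parser that pairs the SYSCALL and AVC records above by their shared audit event id and reports which domain was denied which permission on which target type. The function names are hypothetical, and the sample input is the two records copied from the post.

```python
import errno
import re

# Sample input: the two audit records quoted in the post above.
SAMPLE = '''type=SYSCALL msg=audit(1356364738.939:49185): arch=40000003 syscall=11 success=no exit=-13 a0=bfd992c5 a1=89c6df0 a2=89b8d58 a3=89b8d82 items=0 ppid=31198 pid=31200 auid=0 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=104 comm="s.printer.proce" exe="/usr/bin/perl" subj=unconfined_u:system_r:sendmail_t:s0 key=(null)
type=AVC msg=audit(1356364738.939:49185): avc:  denied  { execute } for  pid=31200 comm="s.printer.proce" name="lp.cups" dev=sda7 ino=1064276 scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file
'''

HEAD = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')

def parse_records(text):
    """Group audit records by event id (timestamp:serial)."""
    events = {}
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if not m:
            continue  # skip blank or non-audit lines
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(event_id, {})[rtype] = fields
    return events

def summarize(events):
    """One dict per denial: which domain/uid/exe was denied what, on which type."""
    out = []
    for event_id, recs in events.items():
        avc = recs.get("AVC")
        if not avc:
            continue
        sc = recs.get("SYSCALL", {})  # may be absent if only the AVC line was captured
        code = int(sc["exit"]) if "exit" in sc else None
        out.append({
            "event": event_id,
            "source_type": avc["scontext"].split(":")[2],  # user:role:type:level
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"],
            "perms": avc["perms"],
            "name": avc.get("name"),
            "uid": sc.get("uid"),
            "exe": sc.get("exe"),
            "errno": errno.errorcode.get(-code) if code is not None and code < 0 else None,
        })
    return out
```

For the records in the post, `summarize(parse_records(SAMPLE))` shows the `sendmail_t` domain (uid 8, running `/usr/bin/perl`) being denied `execute` on a file labelled `lpr_exec_t`, with the syscall failing with `EACCES`.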



