On 06/01/11 04:03, Paul Johnson wrote:
On Wed, Jan 5, 2011 at 12:57 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/05/2011 11:50 AM, Paul Johnson wrote:
Turn on the httpd_can_sendmail boolean. We do not want all apache servers to be able to send mail by default.
# setsebool -P httpd_can_sendmail 1
man httpd_selinux ...
Dear Mr Walsh:
Thanks very much for the information. I did as you said, turned SELinux back on, and now mediawiki can send email, like it is supposed to!
I would not have figured it out if you had not posted your advice.
I hope this thread finds it way to google so other people will see it is a solved problem!
Whenever SELinux seems to try to bite me, I first list out all boolean settings, using grep. In your case I would do something like this:
[root@host: ~]# semanage boolean -l | grep mail allow_postfix_local_write_mail_spool -> off Allow postfix_local doma.. httpd_can_sendmail -> off Allow http daemon to send mail.. [root@host: ~]# getsebool -a | grep mail allow_postfix_local_write_mail_spool --> off httpd_can_sendmail --> off [root@host: ~]#
semanage boolean and getsebool gives basically the same information, except semanage give a little helpful description in addition.
If that's not helping, audit2why or audit2allow usually helps me to understand a little bit more what is going on. And from there I usually figure out if I need to enable more booleans or if I have a specific setup of my own which need a hand crafted SELinux module.
kind regards,
David Sommerseth