[CentOS] SELinux and Perl script using sendmail

Mon Dec 10 22:53:55 UTC 2007
Johnny Tan <linuxweb at gmail.com>

Miark wrote:
> I have a webpage feedback form that uses a Perl script to
> send e-mails with "| /usr/sbin/sendmail -t". It works
> just fine, but SELinux is complaining about it:
> 
> SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t)
>   "getattr" to pipe:[41117] (httpd_t)
> 
> I'm a SELinux newb so I don't know what (if anything) to do
> about it. Suggestions?

grep postfix /var/log/audit/audit.log | audit2allow -M myrule

will create a .te and .pp file which are a module that you 
can load to tell SELinux to allow the above. myrule.te is a 
plaintext file which you can examine.

If it looks good, you can then do:
semodule -i myrule.pp

to install the module into SELinux.

johnn