On 06/01/11 04:03, Paul Johnson wrote: > On Wed, Jan 5, 2011 at 12:57 PM, Daniel J Walsh <dwalsh at redhat.com> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 01/05/2011 11:50 AM, Paul Johnson wrote: >>> >>> >>> >> Turn on the httpd_can_sendmail boolean. We do not want all apache >> servers to be able to send mail by default. >> >> # setsebool -P httpd_can_sendmail 1 >> >> man httpd_selinux >> ... > > Dear Mr Walsh: > > Thanks very much for the information. I did as you said, turned > SELinux back on, and now mediawiki can send email, like it is supposed > to! > > I would not have figured it out if you had not posted your advice. > > I hope this thread finds it way to google so other people will see it > is a solved problem! Whenever SELinux seems to try to bite me, I first list out all boolean settings, using grep. In your case I would do something like this: [root at host: ~]# semanage boolean -l | grep mail allow_postfix_local_write_mail_spool -> off Allow postfix_local doma.. httpd_can_sendmail -> off Allow http daemon to send mail.. [root at host: ~]# getsebool -a | grep mail allow_postfix_local_write_mail_spool --> off httpd_can_sendmail --> off [root at host: ~]# semanage boolean and getsebool gives basically the same information, except semanage give a little helpful description in addition. If that's not helping, audit2why or audit2allow usually helps me to understand a little bit more what is going on. And from there I usually figure out if I need to enable more booleans or if I have a specific setup of my own which need a hand crafted SELinux module. kind regards, David Sommerseth