[CentOS] SELinux prevents my PHP script from sending mail
Alan M. Evans
ame1 at extratech.comThu May 3 14:40:18 UTC 2012
- Previous message: [CentOS] SELinux prevents my PHP script from sending mail
- Next message: [CentOS] SELinux prevents my PHP script from sending mail
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ Sorry about the private message. Reply-to header wasn't set in your
message. Resending to all... ]
On Thu, 2012-05-03 at 10:19 -0400, Daniel J Walsh wrote:
> What AVC messages are you seeing?
None now, as I said. But before I applied the local policy, the denials
were:
type=AVC msg=audit(1335990099.325:127749): avc:  denied  { getattr } for  pid=17629 comm="php-cgi" path="/var/www/html/mydomain/email-cgi.php" dev=cciss!c0d0p1 ino=14811468 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1335990099.326:127750): avc:  denied  { read } for  pid=17629 comm="php-cgi" name="email-cgi.php" dev=cciss!c0d0p1 ino=14811468 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1335990099.326:127750): avc:  denied  { open } for  pid=17629 comm="php-cgi" name="email-cgi.php" dev=cciss!c0d0p1 ino=14811468 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1335990099.326:127751): avc:  denied  { ioctl } for  pid=17629 comm="php-cgi" path="/var/www/html/mydomain/email-cgi.php" dev=cciss!c0d0p1 ino=14811468 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1335990099.346:127752): avc:  denied  { write } for  pid=17629 comm="php-cgi" name=".s.PGSQL.5432" dev=cciss!c0d0p1 ino=9568267 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:postgresql_tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1335990099.346:127752): avc:  denied  { connectto } for  pid=17629 comm="php-cgi" path="/tmp/.s.PGSQL.5432" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=unix_stream_socket
I used these with audit2allow to make a local policy module. Since then,
audit.log is completely silent when the script execution fails.
-Alan
  - Previous message: [CentOS] SELinux prevents my PHP script from sending mail
- Next message: [CentOS] SELinux prevents my PHP script from sending mail
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list