Allow apache to send mail?

Robin Bowes robin-lists at robinbowes.com
Wed Dec 7 22:58:18 UTC 2005


Daniel J Walsh said the following on 07/12/2005 21:24:
> Robin Bowes wrote:
> 
>> Hi,
>>
>> Can anyone tell me how to allow apache (httpd) to send mail, i.e. to use
>> the smtp port?
>>
>> I'm trying to enable notifications in Trac and am seeing this in the
>> audit log:
>>
>> type=AVC msg=audit(1133985478.317:38): avc:  denied  { name_connect }
>> for  pid=2175 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t
>> tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
>> type=SYSCALL msg=audit(1133985478.317:38): arch=c000003e syscall=42
>> success=no exit=-13 a0=11 a1=2aaab21569f0 a2=10 a3=0 items=0 pid=2175
>> auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
>> fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
>> type=SOCKADDR msg=audit(1133985478.317:38):
>> saddr=020000195433A04E0000000000000000
>>
>> How do I modify my policy to allow this?
> 
> Easiest way is
> 
> setsebool -P httpd_can_network_connect=1

Daniel,

Thanks.

I came up with the following:

allow httpd_t smtp_port_t:tcp_socket name_connect;

Can this be added to the std policy? Or preferably added as a boolean, e.g.:

setsebool -P httpd_can_send_mail

R.
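
How the quoted denial maps onto the allow rule above, as an added example that is not part of the original thread: the AVC record's source type, target type, class and permission become the rule, and the SOCKADDR record decodes to the destination the connect() was aimed at. The function names are hypothetical; the records are the ones quoted in the message with the e-mail line wrapping undone.

```python
import re
import socket
import struct

# Records from the message above, with the mail client's line wrapping undone.
AUDIT_RECORDS = [
    'type=AVC msg=audit(1133985478.317:38): avc:  denied  { name_connect } '
    'for  pid=2175 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t '
    'tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket',
    'type=SOCKADDR msg=audit(1133985478.317:38): '
    'saddr=020000195433A04E0000000000000000',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]


def avc_to_allow(record):
    """Turn one AVC denial into the type-enforcement rule that would permit it."""
    m = AVC_RE.search(record)
    if m is None:
        return None
    perms = m.group('perms').split()
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        context_type(m.group('scon')), context_type(m.group('tcon')),
        m.group('tclass'), perm_text)


def decode_saddr(record):
    """Decode an AF_INET saddr= hex dump into (ip, port); None otherwise."""
    m = re.search(r'saddr=((?:[0-9A-Fa-f]{2})+)', record)
    if m is None:
        return None
    raw = bytes.fromhex(m.group(1))
    # sa_family is in host byte order; this record is from x86_64 (little-endian).
    if len(raw) < 8 or struct.unpack('<H', raw[:2])[0] != socket.AF_INET:
        return None
    port = struct.unpack('!H', raw[2:4])[0]  # port and address: network order
    return socket.inet_ntoa(raw[4:8]), port


if __name__ == '__main__':
    print(avc_to_allow(AUDIT_RECORDS[0]), decode_saddr(AUDIT_RECORDS[1]))
```

On a live system the `audit2allow` tool performs the same derivation from the audit log; this sketch only shows which fields of the record end up where in the rule.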



