selinux and mail() in php code

Daniel J Walsh dwalsh at redhat.com
Tue Feb 1 22:25:47 UTC 2005 

Hongwei Li wrote:

>Hi,
>
>I posted this message a few days ago, but haven't seen any reply.  Did I
>miss some posts?  Here, I include my test code and post it again.  Hope
>selinux experts can help me.
>
>My system information --
>
>os:             RedHat FC3 linux, kernel-2.6.10-1.741_FC3, selinux
>enforced, iptables enabled
>selinux:        selinux-policy-targeted-1.17.30-2.73 (the most update one)
>iptables:       iptables-1.2.11-3.1.FC3
>web:            httpd-2.0.52-3.1
>sendmail:       sendmail-8.13.1-2
>php:            php-4.3.10-3.2
>SELINUXTYPE     targeted
>
>I have a testing feedback php code for my web site using
>
>mail($toaddress, $subject, $feedback, $fromaddress);
>
>If selinux is disabled, the code works well.  The user ($toaddress)
>receives the content ($mailcontent), etc.  However, if selinux is
>enforced, the user does not receive it and the system log shows:
>
>Jan 28 14:19:46 pippo kernel: audit(1106943586.048:0): avc:  denied  {
>read } for  pid=6801 exe=/usr/sbin/sendmail.sendmail name=clientmqueue
>dev=hda3 ino=470506 scontext=user_u:system_r:httpd_sys_script_t
>tcontext=system_u:object_r:mqueue_spool_t tclass=dir
>
>Should I do something to make it working with selinux enforced?
>
>Is there anybody out there who uses php's mail() function in the "feedback
>form" in his web server?  Below is my testing php code.  The only line you
>need to change is the first line where you can replace
>"your-email-address" with your email address to see if you receive mail or
>get error (system log, not from web or email) when selinux is enforced:
>
><?php
>
> $toaddress = 'your-email-address';
>
> $feedback = 'This is a test.';
> $subject = 'Feedback from web';
> $fromaddress = "From: webmaster at your.domain\r\n";
>
> mail($toaddress, $subject, $feedback, $fromaddress);
>
>?>
>
>Selinux experts: please test this code on your web server and I appreciate
>all help!
>
>Hongwei Li
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>  
>
restorecon /usr/sbin/sendmail.sendmail

More information about the fedora-selinux-list mailing list