Request Tracker 3
Daniel J Walsh
dwalsh at redhat.com
Thu Feb 3 15:24:03 UTC 2005
Kanwar Ranbir Sandhu wrote:
>On Wed, 2005-02-02 at 12:42 -0500, Daniel J Walsh wrote:
>
>
>>For the time being you might want to
>>change the
>>turn httpd transitioning off.
>>
>>setsebool -P httpd_disable_trans 1
>>
>>
>
>I gave that a shot, but it doesn't work. A denial is still reported:
>
>avc: denied { search } for pid=6904 exe=/usr/sbin/sendmail.postfix
>name=postfix dev=dm-5 ino=34833 scontext=root:system_r:system_mail_t
>tcontext=system_u:object_r:mail_spool_t tclass=dir
>
>BTW, the error reported in /var/log/maillog is this:
>
>postfix/sendmail[6904]: fatal: chdir /var/spool/postfix: Permission
>denied
>
>Email is making it's way into RT because tickets are being created.
>It's just the auto replies from RT that aren't making it out.
>Basically, RT is not being allowed to SEND email.
>
>Since I'm still running tests on RT (just upgraded), I'm going to set
>SElinux to permissive mode. I'm sure I'm going to run into other
>problems with selinux.
>
>Regards,
>
>Ranbir
>
>
>
There is a bug in targeted policy that allows the system to transition
from unconfined_t to httpd_sys_script_t even
if httpd_disable_trans is set.
selinux-policy-targeted-1.17.30-2.76 should fix this for FC3
selinux-policy-targeted-1.21.8.3 should fix this for rawhide
both are available on
ftp://people.redhat.com/dwalsh/SELinux/{FC3,Fedora}
More information about the fedora-selinux-list
mailing list