On Thu, 2008-03-13 at 18:32 -0400, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Donald Reader wrote: > > I have narrowed down my SELinux errors to just one while > > using php to send mail via it's mail function. For the life > > of me I can't get this one figured out as I did an updatedb > > so I could try and use locate to find the file that is > > being complained about with no luck at all. > > > > If anyone can shed some light on this I would appreciate it > > greatly. Attached is the sealert with all the info on the problem. > > > > Thank You > > Donald Reader > > > These avc's show sendmail attempting to read files created by the apache > process (mod_php) in /tmp. sendmail is also trying to read a file off > of /usr/share/GeoIP/GeoIP.dat which is labeled usr_t. The easiest thing > for you to do is to build a local policy module > > > # grep httpd /var/log/audit/audit.log | audit2allow -M myhttp > # semodule -i myhttp.pp > > This would allow the mail program to read these files. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkfZq3QACgkQrlYvE4MpobMJoACgtUP9awE738qPTceRR1K9fU+H > rM0AoMjM+Xq09iGJfuEjgMRDDnJPSmMs > =bPMH > -----END PGP SIGNATURE----- Thank you again Dan. I copied and pasted the command you gave me then ran it of course. then did an edit replacing httpd with sendmail and ran another set of commands. Now I don't get the alert when sending emails. Another command to keep in my arsenal for future use. Thank You Donald Reader
