Description of problem: Can not send mail throught php forms when SElinux is enabled Version-Release number of selected component (if applicable): selinux-policy-targeted-1.17.30-2.58 php-4.3.10-3.2 sendmail-8.13.1-2 How reproducible: Create a form with this code: <html><head></head><body> <? if (!$HTTP_POST_VARS){ ?> concurs<br> <form action="concurs.php" method=post> <input name="casella1" type=text size=20> <input name="submit" type=submit value="enviar"> </form> <? } else { $cos="aquest es el form".$HTTP_POST_VARS["casella1"]; mail("micro","concurs",$cos); echo "ENVIAT!!!"; } ?></body></html> open with a web browser Steps to Reproduce: 1.load the form 2.fill the form and submit it Actual results: in /var/log/messages you will see: Dec 28 08:31:00 myserver kernel: audit(1104247860.467:0): avc: denied { search } for pid=31665 exe=/usr/sbin/sendmail.sendmail name=spool dev=hda1 ino=6393669 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir Dec 28 08:31:00 myserver kernel: audit(1104247860.468:0): avc: denied { create } for pid=31665 exe=/usr/sbin/sendmail.sendmail scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket and the mail is never send Expected results: a mail have to be sent Additional info: Using the command: setenforce 0 The mail is sent
Could you check the context of sendmail ls -lZ /usr/sbin/sendmail.sendmail If it is not sendmail_exec_t please execute restorecon /usr/sbin/sendmail.sendmail Then try it the web page again.
I did it: [root@myserver sbin]# ls -lZ sendmail.sendmail -rwxr-sr-x root smmsp system_u:object_r:sbin_t sendmail.sendmail So I typed: [root@myserver sbin]# restorecon /usr/sbin/sendmail.sendmail [root@myserver sbin]# ls -lZ sendmail.sendmail -rwxr-sr-x root smmsp system_u:object_r:sendmail_exec_t sendmail.sendmail But the email is not send. The output of /var/log/messages is now larger: Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc: denied { append } for pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/error_log dev=hda1 ino=6395040 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc: denied { append } for pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/error_log dev=hda1 ino=6395040 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc: denied { append } for pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/ssl_error_log dev=hda1 ino=6395042 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc: denied { append } for pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/access_log dev=hda1 ino=6395039 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc: denied { append } for pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/access_log dev=hda1 ino=6395039 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc: denied { append } for pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/ssl_access_log dev=hda1 ino=6395041 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc: denied { append } for pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/ssl_request_log dev=hda1 ino=6395043 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file Dec 28 13:32:51 myserver kernel: audit(1104265971.929:0): avc: denied { write } for pid=884 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=hda1 ino=6393753 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir Dec 28 13:32:51 myserver kernel: audit(1104265971.932:0): avc: denied { write } for pid=884 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=hda1 ino=6393753 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
restorecon -R -v /var/spool/ restorecon -R -v /var/log Should clear up the clientmqueue problem and logging problem.
Yes you are right! Now the mail is send. You solved it. Thank you very much!