Bug 143794 - Can not send mail in php forms when SELinux is enabled
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Daniel Walsh
Reported: 2004-12-28 03:52 EST by David Martos
Modified: 2007-11-30 17:10 EST
Last Closed: 2004-12-28 09:21:35 EST
Description David Martos 2004-12-28 03:52:23 EST
Description of problem:
Can not send mail through php forms when SELinux is enabled

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.58
php-4.3.10-3.2
sendmail-8.13.1-2

How reproducible:
Create a form with this code:

<html><head></head><body>
<?
if (!$HTTP_POST_VARS){
?>
concurs<br>
<form action="concurs.php" method=post>
<input name="casella1" type=text size=20>
<input name="submit" type=submit value="enviar">
</form>
<?
} else {
  $cos="aquest es el form".$HTTP_POST_VARS["casella1"];
  mail("micro@microcalella.com","concurs",$cos);
  echo "ENVIAT!!!";
}
?></body></html>

Open with a web browser.

Steps to Reproduce:
1. Load the form
2. Fill the form and submit it

Actual results:
In /var/log/messages you will see:

Dec 28 08:31:00 myserver kernel: audit(1104247860.467:0): avc:  denied
 { search } for  pid=31665 exe=/usr/sbin/sendmail.sendmail name=spool
dev=hda1 ino=6393669 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:var_spool_t tclass=dir
Dec 28 08:31:00 myserver kernel: audit(1104247860.468:0): avc:  denied
 { create } for  pid=31665 exe=/usr/sbin/sendmail.sendmail
scontext=user_u:system_r:httpd_sys_script_t
tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket

and the mail is never sent

Expected results:
A mail has to be sent

Additional info:
Using the command: setenforce 0
The mail is sent
Comment 1 Daniel Walsh 2004-12-28 08:23:56 EST
Could you check the context of sendmail?
ls -lZ /usr/sbin/sendmail.sendmail

If it is not sendmail_exec_t, please execute
restorecon /usr/sbin/sendmail.sendmail

Then try the web page again.
Comment 2 David Martos 2004-12-28 08:42:03 EST
I did it:
[root@myserver sbin]# ls -lZ sendmail.sendmail
-rwxr-sr-x  root     smmsp    system_u:object_r:sbin_t        
sendmail.sendmail

So I typed:
[root@myserver sbin]# restorecon /usr/sbin/sendmail.sendmail
[root@myserver sbin]# ls -lZ sendmail.sendmail
-rwxr-sr-x  root     smmsp    system_u:object_r:sendmail_exec_t
sendmail.sendmail

But the email is not sent.
The output of /var/log/messages is now larger:

Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/error_log dev=hda1 ino=6395040
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/error_log dev=hda1 ino=6395040
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/ssl_error_log dev=hda1 ino=6395042
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/access_log dev=hda1 ino=6395039
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/access_log dev=hda1 ino=6395039
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/ssl_access_log dev=hda1 ino=6395041
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/ssl_request_log dev=hda1 ino=6395043
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.929:0): avc:  denied
 { write } for  pid=884 exe=/usr/sbin/sendmail.sendmail
name=clientmqueue dev=hda1 ino=6393753
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:var_spool_t tclass=dir
Dec 28 13:32:51 myserver kernel: audit(1104265971.932:0): avc:  denied
 { write } for  pid=884 exe=/usr/sbin/sendmail.sendmail
name=clientmqueue dev=hda1 ino=6393753
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:var_spool_t tclass=dir
Comment 3 Daniel Walsh 2004-12-28 08:46:48 EST
restorecon -R -v /var/spool/
restorecon -R -v /var/log

Should clear up the clientmqueue problem and logging problem.
Comment 4 David Martos 2004-12-28 08:57:00 EST
Yes, you are right!
Now the mail is sent.
You solved it.
Thank you very much! 
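
Added example (not part of the original bug report, and not a Fedora or SELinux tool): a short Python triage script that rejoins the syslog-wrapped AVC lines quoted in Comment 2 and collapses them into unique denials, so the objects that Comment 3 relabels (the logs under /var/log/httpd and the clientmqueue spool directory) stand out by target type. The function names parse_avc and summarize are illustrative assumptions.

```python
import re
from collections import Counter

# Sample input: three denials copied from Comment 2, wrapped as syslog logged them.
SAMPLE = """\
Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/error_log dev=hda1 ino=6395040
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/error_log dev=hda1 ino=6395040
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.929:0): avc:  denied
 { write } for  pid=884 exe=/usr/sbin/sendmail.sendmail
name=clientmqueue dev=hda1 ino=6393753
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:var_spool_t tclass=dir
"""

def parse_avc(text):
    """Rejoin wrapped AVC records and return one dict per denial."""
    # A record starts at "avc:"; syslog-wrapped continuation lines follow it.
    chunks = re.split(r"\n(?=[^\n]*avc:)", text.strip())
    parsed = []
    for chunk in chunks:
        joined = " ".join(chunk.split())
        perms = re.search(r"\{([^}]*)\}", joined)
        if "denied" not in joined or not perms:
            continue
        rec = dict(re.findall(r"(\w+)=(\S+)", joined))
        rec["perms"] = perms.group(1).split()
        parsed.append(rec)
    return parsed

def summarize(records):
    """Count denials per (source type, perms, target type, class, object)."""
    counts = Counter()
    for r in records:
        obj = r.get("path") or "%s (ino %s)" % (r.get("name", "?"), r.get("ino", "?"))
        counts[(r["scontext"].split(":")[2], " ".join(r["perms"]),
                r["tcontext"].split(":")[2], r["tclass"], obj)] += 1
    return counts

if __name__ == "__main__":
    for (src, perms, tgt, cls, obj), n in summarize(parse_avc(SAMPLE)).items():
        print("%dx %s -> %s:%s {%s} on %s" % (n, src, tgt, cls, perms, obj))
```

On a live system, each reported object can then be inspected with ls -Z and a dry run of restorecon -n -v before any relabeling is applied.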
