Bug 143794 - Can not send mail in php forms when SELinux is enabled
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: All
OS: Linux
medium
medium
Assignee: Daniel Walsh
Reported: 2004-12-28 08:52 UTC by David Martos
Modified: 2007-11-30 22:10 UTC (History)
Doc Type: Bug Fix
Last Closed: 2004-12-28 14:21:35 UTC

Description David Martos 2004-12-28 08:52:23 UTC
Description of problem:
Cannot send mail through PHP forms when SELinux is enabled

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.58
php-4.3.10-3.2
sendmail-8.13.1-2

How reproducible:
Create a form with this code:

<html><head></head><body>
<?php
// No POST data yet: show the form.
if (!$_POST) {
?>
concurs<br>
<form action="concurs.php" method="post">
<input name="casella1" type="text" size="20">
<input name="submit" type="submit" value="enviar">
</form>
<?php
} else {
  // Form submitted: mail the field value to the local user "micro".
  $cos = "aquest es el form" . $_POST["casella1"];
  mail("micro", "concurs", $cos);
  echo "ENVIAT!!!";
}
?></body></html>
open with a web browser

Steps to Reproduce:
1. Load the form
2. Fill the form and submit it

  
Actual results:
in /var/log/messages you will see:

Dec 28 08:31:00 myserver kernel: audit(1104247860.467:0): avc:  denied
 { search } for  pid=31665 exe=/usr/sbin/sendmail.sendmail name=spool
dev=hda1 ino=6393669 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:var_spool_t tclass=dir
Dec 28 08:31:00 myserver kernel: audit(1104247860.468:0): avc:  denied
 { create } for  pid=31665 exe=/usr/sbin/sendmail.sendmail
scontext=user_u:system_r:httpd_sys_script_t
tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket

and the mail is never sent

Expected results:
a mail has to be sent

Additional info:
Using the command: setenforce 0
The mail is sent

Comment 1 Daniel Walsh 2004-12-28 13:23:56 UTC
Could you check the context of sendmail
ls -lZ /usr/sbin/sendmail.sendmail

If it is not sendmail_exec_t please execute
restorecon /usr/sbin/sendmail.sendmail

Then try the web page again.

Comment 2 David Martos 2004-12-28 13:42:03 UTC
I did it:
[root@myserver sbin]# ls -lZ sendmail.sendmail
-rwxr-sr-x  root     smmsp    system_u:object_r:sbin_t        
sendmail.sendmail

So I typed:
[root@myserver sbin]# restorecon /usr/sbin/sendmail.sendmail
[root@myserver sbin]# ls -lZ sendmail.sendmail
-rwxr-sr-x  root     smmsp    system_u:object_r:sendmail_exec_t
sendmail.sendmail

But the email is not sent.
The output of /var/log/messages  is now larger:

Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/error_log dev=hda1 ino=6395040
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/error_log dev=hda1 ino=6395040
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/ssl_error_log dev=hda1 ino=6395042
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/access_log dev=hda1 ino=6395039
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/access_log dev=hda1 ino=6395039
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/ssl_access_log dev=hda1 ino=6395041
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.894:0): avc:  denied
 { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail
path=/var/log/httpd/ssl_request_log dev=hda1 ino=6395043
scontext=user_u:system_r:system_mail_t
tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.929:0): avc:  denied
 { write } for  pid=884 exe=/usr/sbin/sendmail.sendmail
name=clientmqueue dev=hda1 ino=6393753
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:var_spool_t tclass=dir
Dec 28 13:32:51 myserver kernel: audit(1104265971.932:0): avc:  denied
 { write } for  pid=884 exe=/usr/sbin/sendmail.sendmail
name=clientmqueue dev=hda1 ino=6393753
scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:var_spool_t tclass=dir


Comment 3 Daniel Walsh 2004-12-28 13:46:48 UTC
restorecon -R -v /var/spool/
restorecon -R -v /var/log

Should clear up the clientmqueue problem and logging problem.

Comment 4 David Martos 2004-12-28 13:57:00 UTC
Yes you are right!
Now the mail is sent.
You solved it.
Thank you very much! 
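
A triage script for the denials posted in this thread, added here as an example (it is not part of the bug report or of selinux-policy): it parses AVC lines, collapses repeats, and shows that the same sendmail binary ran in httpd_sys_script_t before the restorecon in Comment 2 and in system_mail_t after it. The function names are this example's own; the sample lines are copied from the thread with the wrapped lines re-joined.

```python
import re
from collections import defaultdict

# AVC records copied from this thread, each re-joined onto a single line.
SAMPLE_LOG = """\
Dec 28 08:31:00 myserver kernel: audit(1104247860.467:0): avc:  denied  { search } for  pid=31665 exe=/usr/sbin/sendmail.sendmail name=spool dev=hda1 ino=6393669 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir
Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied  { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/error_log dev=hda1 ino=6395040 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.893:0): avc:  denied  { append } for  pid=884 exe=/usr/sbin/sendmail.sendmail path=/var/log/httpd/error_log dev=hda1 ino=6395040 scontext=user_u:system_r:system_mail_t tcontext=root:object_r:httpd_runtime_t tclass=file
Dec 28 13:32:51 myserver kernel: audit(1104265971.929:0): avc:  denied  { write } for  pid=884 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=hda1 ino=6393753 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:var_spool_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type; policy decisions are made on the type.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def records(log):
    return [r for r in map(parse_avc, log.splitlines()) if r]

def summarize(log):
    """Collapse repeats: (domain, perm, target type, class) -> objects denied."""
    rows = defaultdict(set)
    for rec in records(log):
        obj = rec.get("path") or rec.get("name") or "(self)"
        for perm in rec["perms"]:
            rows[(rec["stype"], perm, rec["ttype"], rec["tclass"])].add(obj)
    return {key: sorted(objs) for key, objs in rows.items()}

def domains_per_exe(log):
    """Domains each executable ran in; a change marks a fixed entry-point label."""
    seen = defaultdict(set)
    for rec in records(log):
        seen[rec["exe"]].add(rec["stype"])
    return {exe: sorted(types) for exe, types in seen.items()}

if __name__ == "__main__":
    for exe, types in domains_per_exe(SAMPLE_LOG).items():
        print(exe, "ran as", ", ".join(types))
    for (stype, perm, ttype, tclass), objs in summarize(SAMPLE_LOG).items():
        print(f"{stype} -> {ttype}:{tclass} {{{perm}}} on {', '.join(objs)}")
```

The objects it lists (spool, clientmqueue, the httpd log files) are the ones whose labels ls -lZ should be pointed at before relabeling.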

