Description of problem:

Squirrelmail reports:

Email delivery error
Server replied: 127 Can't execute command '/usr/sbin/sendmail -i -t -forion.com'.

dmesg:

audit(1162938993.188:19): avc: denied { execute_no_trans } for pid=4998 comm="httpd" name="bash" dev=dm-0 ino=92194 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

Version-Release number of selected component (if applicable):

selinux-policy-2.4.1-3.fc6

Finally ended up with the following module:

module squirrelmail 1.0.1;

require {
        class file { execute_no_trans read };
        type httpd_t;
        type shell_exec_t;
        role system_r;
};

allow httpd_t shell_exec_t:file { execute_no_trans read };

This allows sendmail to be executed, but still results in the following messages:

audit(1162939355.032:28): avc: denied { getattr } for pid=5119 comm="sh" name="bash" dev=dm-0 ino=92194 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1162939355.032:29): avc: denied { read } for pid=5119 comm="sendmail" name="[19173]" dev=eventpollfs ino=19173 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=file
Please download the latest policy update, selinux-policy-2.4.3-2.fc6, which should fix the shell problem. I have no idea why sendmail is trying to look at httpd_t; does this cause a failure?
2.4.3-2.fc6 does fix the shell problem. Still have:

avc: denied { read } for pid=17546 comm="sendmail" name="[3522238]" dev=eventpollfs ino=3522238 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=file

but it does not appear to cause any problems. What the heck is dev=eventpollfs?
I have no idea what this is and since it is not causing a problem you could probably dontaudit it. Might be some buggy code?
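The following is an added example, not part of the original thread or of the SELinux project's tooling: a small Python parser that groups the AVC denials quoted in this report by source type, target type and class, then renders them as `allow` or `dontaudit` rule text, which is how the remaining `system_mail_t` denial would be silenced. The function names are hypothetical, and the parser is a simplified stand-in for what `audit2allow` does.

```python
import re
from collections import defaultdict

# AVC records copied from the comments in this thread (audit(...) prefix trimmed).
SAMPLE = """\
avc: denied { execute_no_trans } for pid=4998 comm="httpd" name="bash" dev=dm-0 ino=92194 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { getattr } for pid=5119 comm="sh" name="bash" dev=dm-0 ino=92194 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { read } for pid=5119 comm="sendmail" name="[19173]" dev=eventpollfs ino=19173 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

def context_type(context):
    # A context is user:role:type[:level]; rules are written against the type.
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]

def parse_denials(text):
    """Map (source_type, target_type, class) -> set of denied permissions."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial record
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return dict(grouped)

def render_rules(grouped, keyword="dontaudit", only_source=None):
    """Render grouped denials as policy rules, optionally for one source type."""
    if keyword not in ("allow", "dontaudit"):
        raise ValueError("keyword must be 'allow' or 'dontaudit'")
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        if only_source is not None and src != only_source:
            continue
        names = " ".join(sorted(perms))
        perm_text = names if len(perms) == 1 else "{ %s }" % names
        rules.append("%s %s %s:%s %s;" % (keyword, src, tgt, cls, perm_text))
    return rules

if __name__ == "__main__":
    print("\n".join(render_rules(parse_denials(SAMPLE), "dontaudit", "system_mail_t")))
```

The rendered rule still has to be placed in a policy module whose `require` block declares the types, class and permission it names.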
Fixed in current release