Description of problem: type=AVC msg=audit(1231842874.365:12653): avc: denied { read } for pid=16853 comm="sendmail" path="eventpoll:[2710364]" dev=eventpollfs ino=2710364 scontext=root:system_r:system_mail_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=file I can solve it out with this custom policy: require { type httpd_t; type system_mail_t; class file read; } #============= system_mail_t ============== allow system_mail_t httpd_t:file read; Version-Release number of selected component (if applicable): postfix-2.3.3-2.1.el5_2 (sendmail.postfix) Additional info: OS: Centos 5.2
installed selinux: selinux-policy-2.4.6-137.1.el5
This is pretty strange and I have never seen it before or in Fedora releases. Probably is not blocking any thing of use, Are you receiving email?
I've just set SElinux to enforce mode and it looks like no one is suffering because of that. I'll let you know any news
I have seen this with CentOS5. It seems that httpd is leaking file descriptors when it is forking sendmail. type=AVC msg=audit(1235275202.224:934): avc: denied { read } for pid=18556 comm="sendmail" path="eventpoll:[245714]" dev=eventpollfs ino=245714 scontext=system_u:system_r:system_mail_t:s0 tcontext=sys tem_u:system_r:httpd_t:s0 tclass=file lsof command shows COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME httpd 3194 apache 14r 0000 0,10 0 245714 eventpoll so SELinux is preventing sendmail accessing httpd's eventpoll, which seems correct thing to do.
From what are you invoking sendmail? A php script? Expected behaviour, if so. (It's due to an impedance mismatch between the httpd API which prevents fd leaks, and the PHP code, which doesn't use it)
> From what are you invoking sendmail? PHP program which uses PHPMailer. PHPMailer then runs sendmail with popen().
Right, expected behaviour then, I'm afraid. This should get fixed in some future release when O_CLOEXEC support is integrated properly into APR, but this is unlikely to be suitable to backport to RHEL5.
Adding dontaudit to selinux-policy-2.4.6-216.el5