Description of problem:
stock up-to-date F16 install with rt3 installed and configured can not send email due to SELinux AVC denials

Version-Release number of selected component (if applicable):
rt3-3.8.11-6.fc16.noarch

How reproducible:
open new ticket on fresh RT installation

Steps to Reproduce:
1. install and initialize RT on fresh Fedora 16 box
2. open new ticket (e.g. via web u/i)
3. error entry gets logged right after initial ticket entry:

Actual results:
Second entry logged for the ticket reads:

    The RT System itself - System error
    Sending the previous mail has failed. Please contact your admin, they can find more details in the logs

Expected results:
The entry should read like this instead:

    The RT System itself - Outgoing email recorded

Additional info:
I poked around with 'audit2allow' and came up with the following policy to make the problem go away:

    module ini_rt3_mail 1.0;

    require {
        type mqueue_spool_t;
        type httpd_t;
        type etc_mail_t;
        class process setrlimit;
        class dir { write search getattr add_name };
        class file { write getattr read lock create open };
    }

    #============= httpd_t ==============
    allow httpd_t etc_mail_t:dir { search getattr };
    allow httpd_t etc_mail_t:file { read getattr open };
    allow httpd_t mqueue_spool_t:dir { write search getattr add_name };
    allow httpd_t mqueue_spool_t:file { lock read write getattr create open };
    allow httpd_t self:process setrlimit;

Please consider adding a rt3-selinux subpackage as per http://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft

Thanks,
--G

Well, I do not understand why rt3 would need special SELinux rules to send emails, but my knowledge on SELinux rules is close to null. CC:-ing the selinux maintainers, maybe they can help.

If you want to set up Apache to send mail then you need to turn on the httpd_can_sendmail boolean.

    setsebool -P httpd_can_sendmail 1

Thanks, setting the httpd_can_sendmail boolean took care of it!

Also setroubleshoot should tell you what to do or you can see more info using

    $ man httpd_selinux
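
Added example, not part of the thread and not audit2allow's own code: a Python re-implementation of the aggregation step that turns AVC denials into allow rules of the kind shown in the report's module. The audit log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample denials (not taken from the reporter's audit log).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1.001:10): avc:  denied  { search } for  pid=100 comm="sendmail" name="mail" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=AVC msg=audit(1.002:11): avc:  denied  { getattr } for  pid=100 comm="sendmail" path="/etc/mail" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
type=AVC msg=audit(1.003:12): avc:  denied  { read open } for  pid=100 comm="sendmail" name="submit.cf" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_mail_t:s0 tclass=file
type=AVC msg=audit(1.004:13): avc:  denied  { write add_name } for  pid=100 comm="sendmail" name="clientmqueue" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
type=AVC msg=audit(1.005:14): avc:  denied  { setrlimit } for  pid=100 comm="sendmail" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
type=SYSCALL msg=audit(1.005:14): arch=c000003e syscall=160 success=no exit=-13 comm="sendmail"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def aggregate_denials(log_text):
    """Merge denied permissions per (source type, target type, class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # non-AVC records (e.g. SYSCALL) carry no denial
        source = selinux_type(m["scon"])
        target = selinux_type(m["tcon"])
        if target == source:
            target = "self"  # a domain acting on itself, as in the report's last rule
        rules[(source, target, m["tclass"])].update(m["perms"].split())
    return rules

def render_allow_rules(rules):
    """Format the merged denials as type enforcement allow statements."""
    lines = []
    for (source, target, tclass), perms in sorted(rules.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        lines.append(f"allow {source} {target}:{tclass} {text};")
    return lines

if __name__ == "__main__":
    print("\n".join(render_allow_rules(aggregate_denials(SAMPLE_AUDIT_LOG))))
```

Before loading rules generated this way, check whether an existing boolean already covers them, as the replies do here with httpd_can_sendmail.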