LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Sendmail won't work with SELinux enabled? (http://www.linuxquestions.org/questions/linux-security-4/sendmail-wont-work-with-selinux-enabled-301768/)

jimwillsher 03-15-2005 03:58 AM

Sendmail won't work with SELinux enabled?
 
Hi all,

CentOs 4.0 i386, clean install, running as a server (no GUI).

I can't seem to get sendmail to send out stuff from anything "local" such as PHP or Squirrelmail, when SELinux is enabled. When I send from squrrelmail I get the following in /var/log/messages:

Mar 15 09:49:41 orca kernel: audit(1110880181.204:0): avc: denied { read } for pid=19321 exe=/usr/sbin/sendmail.sendmail name=urandom dev=tmpfs ino=435 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file

Mar 15 09:49:41 orca kernel: audit(1110880181.204:0): avc: denied { read } for pid=19321 exe=/usr/sbin/sendmail.sendmail name=random dev=tmpfs ino=433 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:random_device_t tclass=chr_file


If I disable SEL via:

echo "0" >/selinux/enforce

the messages are sent without issue.

I've used chcon to enable SEL on /var/www/html for wesbites, and that all works fine, but I don't know what to run fro sendmail.

I've had to switch off SEL until I can get this resolved. Does anyone have any suggestions?


Many thanks,


Jim

jimwillsher 03-15-2005 08:16 AM

I've done some further digging. I have TLS enabled for sendmail - could it be that sendmail cannot access the random number generator for TLS functionality? If so, any ideas what I would "chcon" to get that to work?

Many thanks,


Jim


All times are GMT -5. The time now is 07:53 PM.