Hi,
I posted this message a few days ago, but haven't seen any reply. Did I miss some posts? Here, I include my test code and post it again. Hope selinux experts can help me.
My system information --
os: RedHat FC3 linux, kernel-2.6.10-1.741_FC3, selinux enforced, iptables enabled selinux: selinux-policy-targeted-1.17.30-2.73 (the most update one) iptables: iptables-1.2.11-3.1.FC3 web: httpd-2.0.52-3.1 sendmail: sendmail-8.13.1-2 php: php-4.3.10-3.2 SELINUXTYPE targeted
I have a testing feedback php code for my web site using
mail($toaddress, $subject, $feedback, $fromaddress);
If selinux is disabled, the code works well. The user ($toaddress) receives the content ($mailcontent), etc. However, if selinux is enforced, the user does not receive it and the system log shows:
Jan 28 14:19:46 pippo kernel: audit(1106943586.048:0): avc: denied { read } for pid=6801 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=hda3 ino=470506 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Should I do something to make it working with selinux enforced?
Is there anybody out there who uses php's mail() function in the "feedback form" in his web server? Below is my testing php code. The only line you need to change is the first line where you can replace "your-email-address" with your email address to see if you receive mail or get error (system log, not from web or email) when selinux is enforced:
<?php
$toaddress = 'your-email-address';
$feedback = 'This is a test.'; $subject = 'Feedback from web'; $fromaddress = "From: webmaster@your.domain\r\n";
mail($toaddress, $subject, $feedback, $fromaddress);
?>
Selinux experts: please test this code on your web server and I appreciate all help!
Hongwei Li
On Tue, Feb 01, 2005 at 09:27:16AM -0600, Hongwei Li wrote:
Hi,
I posted this message a few days ago, but haven't seen any reply. Did I miss some posts? Here, I include my test code and post it again. Hope selinux experts can help me.
PHP mail() should be working if you are really running the latest policy, it works fine here. Do you have an /etc/selinux/targeted/policy.18.rpmnew file?
joe
Hongwei Li wrote:
Hi,
I posted this message a few days ago, but haven't seen any reply. Did I miss some posts? Here, I include my test code and post it again. Hope selinux experts can help me.
My system information --
os: RedHat FC3 linux, kernel-2.6.10-1.741_FC3, selinux enforced, iptables enabled selinux: selinux-policy-targeted-1.17.30-2.73 (the most update one) iptables: iptables-1.2.11-3.1.FC3 web: httpd-2.0.52-3.1 sendmail: sendmail-8.13.1-2 php: php-4.3.10-3.2 SELINUXTYPE targeted
I have a testing feedback php code for my web site using
mail($toaddress, $subject, $feedback, $fromaddress);
If selinux is disabled, the code works well. The user ($toaddress) receives the content ($mailcontent), etc. However, if selinux is enforced, the user does not receive it and the system log shows:
Jan 28 14:19:46 pippo kernel: audit(1106943586.048:0): avc: denied { read } for pid=6801 exe=/usr/sbin/sendmail.sendmail name=clientmqueue dev=hda3 ino=470506 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Should I do something to make it working with selinux enforced?
Is there anybody out there who uses php's mail() function in the "feedback form" in his web server? Below is my testing php code. The only line you need to change is the first line where you can replace "your-email-address" with your email address to see if you receive mail or get error (system log, not from web or email) when selinux is enforced:
<?php $toaddress = 'your-email-address'; $feedback = 'This is a test.'; $subject = 'Feedback from web'; $fromaddress = "From: webmaster@your.domain\r\n"; mail($toaddress, $subject, $feedback, $fromaddress); ?>
Selinux experts: please test this code on your web server and I appreciate all help!
Hongwei Li
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
restorecon /usr/sbin/sendmail.sendmail
selinux@lists.fedoraproject.org