Ask Your Question
1

How change SELinux context for postfix file on Fedora 20

asked 2014-04-24 22:45:35 -0600

joseluisq gravatar image

updated 2014-04-24 22:46:14 -0600

Hi, I want to change SELinux context for Postfix when I send emails via my localhost web server.
For example I'm using PHP to sending emails to my localhost inbox.
In my web server log appears something like so:
open /etc/postfix/main.cf Permission denied

My temporal solution was to change to permissive setenforce 0, but I think this is not secure.
Exists some way for to set one context for main.cf ?
Thanks !

edit retag flag offensive close merge delete

Comments

Do you really need to open main.cf from your web app?

none gravatar imagenone ( 2014-04-25 01:52:01 -0600 )edit

Yes, Recently I had changed sendmail to postfix and when I try to send emails via web, my log file shows me Permission denied

joseluisq gravatar imagejoseluisq ( 2014-04-25 10:17:13 -0600 )edit

show me output of this command: getsebool httpd_can_sendmail

none gravatar imagenone ( 2014-04-25 10:42:03 -0600 )edit

Next try send mail from your webapp, and then show us: ausearch-m avc -ts recent

none gravatar imagenone ( 2014-04-25 10:43:41 -0600 )edit

Ok, I will try it !

joseluisq gravatar imagejoseluisq ( 2014-04-25 11:05:18 -0600 )edit
see more comments

2 Answers

Sort by ยป oldest newest most voted
1

answered 2014-04-28 02:24:30 -0600

none gravatar image

So you solution is to turn on: httpd_can_sendmail

sudo setsebool -P httpd_can_sendmail true

-P will make it permanent.

edit flag offensive delete link more

Comments

It works !
Really I needed this to be permanent.
Thanks for tip !

joseluisq gravatar imagejoseluisq ( 2014-05-04 23:57:21 -0600 )edit
add a comment
2

answered 2014-04-25 07:07:23 -0600

tonioc gravatar image

In a general way,the permissive mode associated to auditd logs (/var/log/audit/audit.log) will allow you to understand what rule is being violated and possibly create custom rules to allow specific acess for a process on an object type. You may find interesting input for this in this doc: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security-Enhanced_Linux . Tools you may need to learn are for example audit2allow. An important point is to first understand the root cause of SElinux denial, and what you open when adding custom rules. The permissive mode is no bad in itself it you take car of analysing the logs.

edit flag offensive delete link more

Comments

Great ! I will check out about this. thanks

joseluisq gravatar imagejoseluisq ( 2014-04-25 10:19:15 -0600 )edit
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-04-24 22:45:35 -0600

Seen: 808 times

Last updated: Apr 28 '14

Related questions

Samba fedora 23 server

Slow wifi internet in Fedora 20

Show Bluetooth icon on GNOME top panel

Fedora 20: Where is the new Firefox 32?

POSTFIX from address is hostname.domain, how do I set it to domain?

how to play .mkv in fedora 20

Problem with dvi-cable on fedora 20

how to install Adobe Air in Fedora 20 ?

SELinux is preventing multiqueue0:src from 'read' accesses on the file mmap_min_addr

replacing grub-efi with gummiboot

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2