Ask Your Question
1

How change SELinux context for postfix file on Fedora 20

asked 2014-04-24 22:45:35 -0500

joseluisq gravatar image

updated 2014-04-24 22:46:14 -0500

Hi, I want to change SELinux context for Postfix when I send emails via my localhost web server.
For example I'm using PHP to sending emails to my localhost inbox.
In my web server log appears something like so:
open /etc/postfix/main.cf Permission denied

My temporal solution was to change to permissive setenforce 0, but I think this is not secure.
Exists some way for to set one context for main.cf ?
Thanks !

edit retag flag offensive close merge delete

Comments

Do you really need to open main.cf from your web app?

none gravatar imagenone ( 2014-04-25 01:52:01 -0500 )edit

Yes, Recently I had changed sendmail to postfix and when I try to send emails via web, my log file shows me Permission denied

joseluisq gravatar imagejoseluisq ( 2014-04-25 10:17:13 -0500 )edit

show me output of this command: getsebool httpd_can_sendmail

none gravatar imagenone ( 2014-04-25 10:42:03 -0500 )edit

Next try send mail from your webapp, and then show us: ausearch-m avc -ts recent

none gravatar imagenone ( 2014-04-25 10:43:41 -0500 )edit

Ok, I will try it !

joseluisq gravatar imagejoseluisq ( 2014-04-25 11:05:18 -0500 )edit
see more comments

2 Answers

Sort by ยป oldest newest most voted
1

answered 2014-04-28 02:24:30 -0500

none gravatar image

So you solution is to turn on: httpd_can_sendmail

sudo setsebool -P httpd_can_sendmail true

-P will make it permanent.

edit flag offensive delete link more

Comments

It works !
Really I needed this to be permanent.
Thanks for tip !

joseluisq gravatar imagejoseluisq ( 2014-05-04 23:57:21 -0500 )edit
add a comment
2

answered 2014-04-25 07:07:23 -0500

tonioc gravatar image

In a general way,the permissive mode associated to auditd logs (/var/log/audit/audit.log) will allow you to understand what rule is being violated and possibly create custom rules to allow specific acess for a process on an object type. You may find interesting input for this in this doc: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security-Enhanced_Linux . Tools you may need to learn are for example audit2allow. An important point is to first understand the root cause of SElinux denial, and what you open when adding custom rules. The permissive mode is no bad in itself it you take car of analysing the logs.

edit flag offensive delete link more

Comments

Great ! I will check out about this. thanks

joseluisq gravatar imagejoseluisq ( 2014-04-25 10:19:15 -0500 )edit
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-04-24 22:45:35 -0500

Seen: 814 times

Last updated: Apr 28 '14

Related questions

Fedora 20 gnome errors

Expand swap space in Fedora 20

fedora 20 resolution issue

install phpmyadmin in fedora 20

BlueJ not working

Skype install 64-bit Fedora 20

adobe reader( fedora20)?

backup tool for kde

Java is constantly generating an error log in my home directory?

need canon mx920 printer driver

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2