Sendmail won't work with SELinux enabled?

jimwillshe
Posts: 11
Joined: 2004/12/20 16:55:21
Location: Dunblane, Scotland

Sendmail won't work with SELinux enabled?

Post by jimwillshe » 2005/03/15 09:55:19

Hi all,

CentOS 4.0 i386, clean install, running as a server (no GUI).

I can't seem to get sendmail to send out stuff from anything "local" such as PHP or Squirrelmail, when SELinux is enabled. When I send from Squirrelmail I get the following in /var/log/messages:

Mar 15 09:49:41 orca kernel: audit(1110880181.204:0): avc: denied { read } for pid=19321 exe=/usr/sbin/sendmail.sendmail name=urandom dev=tmpfs ino=435 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file

Mar 15 09:49:41 orca kernel: audit(1110880181.204:0): avc: denied { read } for pid=19321 exe=/usr/sbin/sendmail.sendmail name=random dev=tmpfs ino=433 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:random_device_t tclass=chr_file


If I disable SEL via:

echo "0" >/selinux/enforce

the messages are sent without issue.

I've used chcon to enable SEL on /var/www/html for websites, and that all works fine, but I don't know what to run for sendmail.

I've had to switch off SEL until I can get this resolved. Does anyone have any suggestions?


Many thanks,


Jim
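
The two denials quoted in the post above can be broken into their SELinux fields to show exactly which domain was refused which access. This is an added example, not part of the original thread; the function names `parse_avc` and `summarize` are made up for illustration, and the sample text is the two log lines copied from the post.

```python
import re
from collections import defaultdict

# Sample input: the two AVC denials quoted in the first post of this thread.
SAMPLE_LOG = """\
Mar 15 09:49:41 orca kernel: audit(1110880181.204:0): avc: denied { read } for pid=19321 exe=/usr/sbin/sendmail.sendmail name=urandom dev=tmpfs ino=435 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Mar 15 09:49:41 orca kernel: audit(1110880181.204:0): avc: denied { read } for pid=19321 exe=/usr/sbin/sendmail.sendmail name=random dev=tmpfs ino=433 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:random_device_t tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _type_of(context):
    """Return the type field of a user:role:type[:range] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one syslog line; return a dict of AVC fields or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated or malformed record
    rec["perms"] = m.group("perms").split()
    rec["stype"] = _type_of(rec["scontext"])
    rec["ttype"] = _type_of(rec["tcontext"])
    return rec if rec["stype"] and rec["ttype"] else None


def summarize(log_text):
    """Group denials by (source type, target type, class) with the denied perms."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "exes": set()})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["names"].add(rec.get("name", "?"))
        g["exes"].add(rec.get("exe", "?"))
    return dict(groups)


if __name__ == "__main__":
    for (stype, ttype, tclass), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{stype} -> {ttype}:{tclass} denied {sorted(g['perms'])} "
              f"on {sorted(g['names'])} by {sorted(g['exes'])}")
```

For these lines the summary shows the `system_mail_t` domain being denied `read` on the character devices labelled `urandom_device_t` and `random_device_t`.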


Re: Sendmail won't work with SELinux enabled?

Post by jimwillshe » 2005/03/15 14:20:47

I've done some further digging. I have TLS enabled for sendmail - could it be that sendmail cannot access the random number generator for TLS functionality? If so, any ideas what I would "chcon" to get that to work?

Somebody (Google) mentioned relabeling files with a "fixfiles relabel" - any comments? I don't want to screw up my system :-(

Many thanks,


Jim

devil
Posts: 42
Joined: 2005/02/08 15:41:01
Location: Bangalore

Re: Sendmail won't work with SELinux enabled?

Post by devil » 2005/03/18 14:50:53

SELinux is in the very primary stages of integration. I have faced sleepless nights at my keyboard trying to get the damn thing working; it's miserably failed, or I'm not that good with SELinux. Either way, I find the traditional way of jail + config file tweaking better in terms of securing or performance tweaking.
