View Issue Details

IDProjectCategoryView StatusLast Update
0015940CentOS-7selinux-policypublic2019-03-20 22:35
ReporterIxChel 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015940: SELinux is preventing /usr/sbin/sendmail.postfix from 'read' accesses on the archivo /etc/postfix/main.cf.
DescriptionDescription of problem:
SELinux is preventing /usr/sbin/sendmail.postfix from 'read' accesses on the archivo /etc/postfix/main.cf.

***** Plugin httpd_can_sendmail (91.4 confidence) suggests ****************

Si quiere permitir que httpd envíe correos
Then debe configurar a SELinux para permitir esto.
Do
setsebool -P httpd_can_sendmail=1

***** Plugin catchall (9.59 confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a sendmail.postfix el acceso read sobre main.cf file.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'sendmail' --raw | audit2allow -M mi-sendmail
# semodule -i mi-sendmail.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:postfix_etc_t:s0
Target Objects /etc/postfix/main.cf [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.postfix
Port <Unknown>
Host (removed)
Source RPM Packages postfix-2.10.1-7.el7.x86_64
Target RPM Packages postfix-2.10.1-7.el7.x86_64
Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.5.1.el7.x86_64 #1 SMP
                              Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64
Alert Count 1
First Seen 2019-03-19 16:52:56 CST
Last Seen 2019-03-19 16:52:56 CST
Local ID 4a23aae8-9f61-461d-b2ec-b02a519fcbaf

Raw Audit Messages
type=AVC msg=audit(1553035976.136:2730): avc: denied { read } for pid=12718 comm="sendmail" name="main.cf" dev="dm-0" ino=68566750 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1553035976.136:2730): arch=x86_64 syscall=open success=no exit=EACCES a0=555d3efbfc60 a1=0 a2=0 a3=3 items=0 ppid=5420 pid=12718 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=sendmail exe=/usr/sbin/sendmail.postfix subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: sendmail,httpd_t,postfix_etc_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.9.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.10.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashd7757f766fecb2884f27099816a02d06ebf89ebc2b74645927cf8f372ac88a1c
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-03-20 22:35 IxChel New Issue