Bug 154751

Summary: php mail() function blocked by selinux policy
Product: Red Hat Enterprise Linux 4
Reporter: Gianluca Sforna <giallu>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 4.0
CC: tao
Hardware: All
OS: Linux
Fixed In Version: u1
Doc Type: Bug Fix
Last Closed: 2005-07-21 18:24:24 UTC

Description Gianluca Sforna 2005-04-13 22:39:09 UTC
Description of problem:
The selinux policy is preventing me from using the php mail() function.
Please note I am using postfix on my machine, so the same _could_ work with the
default MTA (sendmail).

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.52.1.noarch

How reproducible:
always

Steps to Reproduce:
1. Of course you need an httpd server with php enabled
2. Create an index.php file in /var/www/html containing the line:
<?php mail("user@example.com", "TEST Subject", "Test body"); ?>
3. Browse the page and hopelessly wait for an email in the inbox...

Actual results:
The mail is not sent to user@example.com

Expected results:
mail sent

Additional info:
In /var/log/messages I can see:
Apr 13 23:08:08 moat kernel: audit(1113426488.965:0): avc:  denied  { getattr }
for  pid=29205 exe=/bin/bash path=/var/log dev=dm-0 ino=261142
scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_log_t
tclass=dir
Apr 13 23:08:08 moat kernel: audit(1113426488.975:0): avc:  denied  { create }
for  pid=29205 exe=/usr/sbin/sendmail.postfix
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=unix_dgram_socket
Apr 13 23:08:09 moat kernel: audit(1113426489.093:0): avc:  denied  { search }
for  pid=29205 exe=/usr/sbin/sendmail.postfix name=spool dev=dm-0 ino=261156
scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t
tclass=dir
Apr 13 23:08:09 moat kernel: audit(1113426489.094:0): avc:  denied  { create }
for  pid=29205 exe=/usr/sbin/sendmail.postfix
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=unix_dgram_socket
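
As an added example (not part of the original report and not Red Hat tooling), this Python code parses the four AVC denials quoted above, line wraps included, and groups them by source type, target type and object class, so it is visible at a glance that every denial carries the source type httpd_sys_script_t. The function names `parse_denials` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# The four denials from the bug description, line wraps kept as posted.
SAMPLE_LOG = """\
Apr 13 23:08:08 moat kernel: audit(1113426488.965:0): avc:  denied  { getattr }
for  pid=29205 exe=/bin/bash path=/var/log dev=dm-0 ino=261142
scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_log_t
tclass=dir
Apr 13 23:08:08 moat kernel: audit(1113426488.975:0): avc:  denied  { create }
for  pid=29205 exe=/usr/sbin/sendmail.postfix
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=unix_dgram_socket
Apr 13 23:08:09 moat kernel: audit(1113426489.093:0): avc:  denied  { search }
for  pid=29205 exe=/usr/sbin/sendmail.postfix name=spool dev=dm-0 ino=261156
scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t
tclass=dir
Apr 13 23:08:09 moat kernel: audit(1113426489.094:0): avc:  denied  { create }
for  pid=29205 exe=/usr/sbin/sendmail.postfix
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=unix_dgram_socket
"""

def parse_denials(log):
    """Yield (source type, target type, class, perms, exe) per AVC denial."""
    text = " ".join(log.split())  # undo syslog/e-mail line wrapping
    for chunk in re.split(r"(?=audit\(\d+\.\d+:\d+\):)", text):
        perms = re.search(r"avc:\s*denied\s*\{([^}]*)\}", chunk)
        f = dict(re.findall(r"(\w+)=(\S+)", chunk))
        if not perms or not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # not a denial, or a truncated record
        # A context is user:role:type[:level]; policy rules key on the type.
        src, tgt = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
        yield src, tgt, f["tclass"], perms.group(1).split(), f.get("exe", "?")

def summarize(log):
    """Merge repeated denials into one entry per (source, target, class)."""
    grouped = defaultdict(lambda: {"perms": set(), "exes": set()})
    for src, tgt, cls, perms, exe in parse_denials(log):
        # Same source and target type is written "self", as in policy rules.
        entry = grouped[(src, "self" if tgt == src else tgt, cls)]
        entry["perms"].update(perms)
        entry["exes"].add(exe)
    return dict(grouped)

if __name__ == "__main__":
    for (src, tgt, cls), e in sorted(summarize(SAMPLE_LOG).items()):
        print(src, "->", f"{tgt}:{cls}", sorted(e["perms"]), sorted(e["exes"]))
```
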

Comment 1 Daniel Walsh 2005-04-14 00:23:52 UTC
The policy in U1 fixes this problem.  You can grab a preview from

ftp://people.redhat.com/dwalsh/SELinux/RHEL4/{selinux-policy-targeted,policycoretuils}


Comment 2 Gianluca Sforna 2005-04-14 13:08:52 UTC
Thanks a lot. I "yum"med the whole thing and now it works as expected.