
Re: SELinux preventing mail on Openshift Origina Fedora 19.



+++ Lager, Nathan T. [31/12/13 09:40 -0500]:
The dummy who installed this system (me) forgot to check sebooleans and allow httpd to send mail.

Enabled that, but I'm having the same issue.

I went ahead and installed updates, and rebooted (something I wanted to do anyway), which made no difference in the end.

I've done some googling, and I've found others having this problem on RHEL/Fedora (though not OpenShift-specific), and all of them pointed to the boolean.

It's definitely on.

# getsebool httpd_can_sendmail
httpd_can_sendmail --> on


There aren't per-gear booleans or something, are there?

No, but the gears do have a special MLS/MCS range that a full selinux
relabel won't set correctly.  You could try running "oo-restorecon
$gear_uuid" or you could pass in -a to relabel all gears.

Another useful thing to try would be to capture the denials with full
auditing.  Sometimes certain denials are set to "no audit".

cat /dev/null > /var/log/audit/audit.log
semodule -DB

...trigger the email problem

semodule -B
grep denied /var/log/audit/audit.log



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nathan Lager, RHCSA, RHCE, RHCVA (#110-011-426)
System Administrator
11 Pardee Hall
Lafayette College, Easton, PA 18042


----- Original Message -----
From: "Nathan T. Lager" <lagern lafayette edu>
To: "Aaron Knister" <aaron knister gmail com>
Cc: users lists openshift redhat com
Sent: Wednesday, December 25, 2013 8:14:48 AM
Subject: Re: SELinux preventing mail on Openshift Origina Fedora 19.

Sorry for the time it's taken to respond, Christmas, family and all.

Here are all of the AVCs logged from the moment I submit the contact form:

1256. 12/25/2013 08:12:07 virt-what
system_u:system_r:openshift_cron_t:s0-s0:c0.c1023 4 dir search
system_u:system_r:init_t:s0 denied 62013
1257. 12/25/2013 08:12:07 virt-what
system_u:system_r:openshift_cron_t:s0-s0:c0.c1023 4 file getattr
system_u:system_r:init_t:s0 denied 62013
1258. 12/25/2013 08:12:07 cat
system_u:system_r:openshift_cron_t:s0-s0:c0.c1023 2 file read
system_u:system_r:init_t:s0 denied 62014
1259. 12/25/2013 08:12:07 cat
system_u:system_r:openshift_cron_t:s0-s0:c0.c1023 2 file open
system_u:system_r:init_t:s0 denied 62014


----- Original Message -----
> From: "Aaron Knister" <aaron knister gmail com>
> To: "Nathan T. Lager" <lagern lafayette edu>
> Cc: users lists openshift redhat com
> Sent: Sunday, December 22, 2013 9:23:02 AM
> Subject: Re: SELinux preventing mail on Openshift Origina Fedora 19.
>
> Can you send the AVC denials? I think "aureport -a" should do the job.
>
> Sent from my iPhone
>
> > On Dec 22, 2013, at 12:34 AM, "Lager, Nathan T." <lagern lafayette edu>
> > wrote:
> >
> > So, I have an OO running, on Fedora 19.
> >
> > I have a wordpress app running, with a contact form.
> >
> > Whenever the contact form is used, the message is not sent.  The error
> > returned is permission denied (in /var/log/maillog).
> >
> > If I setenforce 0, it works, this is obviously not a fix, just
> > troubleshooting.  So selinux appears to be the issue.
> >
> > Fedora was, for some reason, using sendmail rather than postfix, so I
> > tried switching to postfix, this didn't help.
> >
> > The error in maillog with postfix is:
> > Dec 22 00:22:21 strife postfix/sendmail[25834]: fatal: chdir /var/spool/postfix: Permission denied
> >
> > While sendmail looks like this:
> > Dec 22 00:08:51 strife sendmail[21105]: NOQUEUE: SYSERR(529f36b7516de23ea3000002): can not chdir(/var/spool/clientmqueue/): Permission denied
> >
> > I've tried the usual troubleshooting.  Restorecon'd on the given
> > directory, tried sealert on /var/log/audit/audit.log.  Nothing seems
> > to be pointing me in the right direction.
> >
> > How can I allow contact forms in my apps?
> >
> > Thanks!
> >
> > _______________________________________________
> > users mailing list
> > users lists openshift redhat com
> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
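
Added example, not part of the original thread: a small Python script that groups the denials collected with the "semodule -DB ... grep denied" procedure above and flags those where the target carries MCS categories the source lacks, the situation a wrongly labelled gear would produce. The sample log lines, type names and category values are constructed for illustration, and the category comparison is a heuristic, not a full policy evaluation.

```python
import re
from collections import Counter

# Constructed sample in raw audit.log format; every context, name and number is illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1388500000.101:501): avc:  denied  { search } for  pid=2101 comm="sendmail" name="postfix" dev="dm-0" ino=1301 scontext=unconfined_u:system_r:openshift_t:s0:c0,c502 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
type=AVC msg=audit(1388500003.214:507): avc:  denied  { search } for  pid=2117 comm="sendmail" name="postfix" dev="dm-0" ino=1301 scontext=unconfined_u:system_r:openshift_t:s0:c0,c502 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
type=AVC msg=audit(1388500004.350:509): avc:  denied  { read } for  pid=2120 comm="php" name="index.php" dev="dm-0" ino=1302 scontext=unconfined_u:system_r:openshift_t:s0:c0,c502 tcontext=unconfined_u:object_r:openshift_var_lib_t:s0:c1,c7 tclass=file
type=SYSCALL msg=audit(1388500004.350:509): arch=c000003e syscall=2 success=no exit=-13
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<src>\S+) tcontext=(?P<tgt>\S+) tclass=(?P<cls>\S+)')

def categories(context):
    """Return the MCS categories in the high level of an SELinux context."""
    level = context.split(":", 3)[3] if context.count(":") >= 3 else "s0"
    high = level.split("-")[-1]            # "s0-s0:c0.c1023" -> "s0:c0.c1023"
    if ":" not in high:
        return set()                       # plain "s0": no categories
    cats = set()
    for part in high.split(":", 1)[1].split(","):
        lo, _, hi = part.partition(".")    # "c0.c1023" is an inclusive range
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return cats

def summarize(log_text):
    """Count denials by (comm, source type, target type, class, perms, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue                       # skip SYSCALL and other record types
        src, tgt = m["src"], m["tgt"]
        # Heuristic: target categories missing from the source suggest a
        # labelling problem; otherwise look at type enforcement or booleans.
        kind = "type-enforcement" if categories(tgt) <= categories(src) else "mcs-label"
        counts[(m["comm"], src.split(":")[2], tgt.split(":")[2],
                m["cls"], m["perms"].strip(), kind)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

To use it on a real capture, pass the contents of /var/log/audit/audit.log to summarize() instead of the sample string.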
