MAIL() not working "avc: denied"

[riquel]

Hi,

I have this problem since several weeks and still haven't found anything yet to repair it... If anyone could help, I'd be very grateful, thanks.

I'm on fedora core 3 with plesk reloaded 7.5.4 and the problem is my mail() (php function) ain't working!

Here is the code which will hopefully show you what is happening:

Jan 31 10:16:31 mtl kernel: audit(1138702591.914:0): avc:  denied  { execute } for  pid=18494 exe=/bin/bash name=sendmail dev=hda1 ino=3294211 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file
Jan 31 10:16:31 mtl kernel: audit(1138702591.914:0): avc:  denied  { getattr } for  pid=18494 exe=/bin/bash path=/var/qmail/bin/sendmail dev=hda1 ino=3294211 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file
Jan 31 10:16:31 mtl kernel: audit(1138702591.915:0): avc:  denied  { getattr } for  pid=18494 exe=/bin/bash path=/var/qmail/bin/sendmail dev=hda1 ino=3294211 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file
Jan 31 10:17:01 mtl crond(pam_unix)[18498]: session opened for user drweb by (uid=0)
Jan 31 10:17:04 mtl crond(pam_unix)[18498]: session closed for user drweb
Jan 31 10:18:58 mtl kernel: audit(1138702738.137:0): avc:  denied  { execute } for  pid=18535 exe=/bin/bash name=sendmail dev=hda1 ino=3294211 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file
Jan 31 10:18:58 mtl kernel: audit(1138702738.137:0): avc:  denied  { getattr } for  pid=18535 exe=/bin/bash path=/var/qmail/bin/sendmail dev=hda1 ino=3294211 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file
Jan 31 10:18:58 mtl kernel: audit(1138702738.138:0): avc:  denied  { getattr } for  pid=18535 exe=/bin/bash path=/var/qmail/bin/sendmail dev=hda1 ino=3294211 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file

I also have another problem which I think doesn't have anything to do with this one, it is that, when i try to backup sthing through my pannel I get an error saying "error while calling the fopen function..."


Thanks in advance!

 

[riquel]

help pls!

 

[riquel]

I really need to fix this as all my sites are mail disabled , please if anyone can help it would be very apreciated thx

 

[wagnerch]

Originally posted by riquel
I really need to fix this as all my sites are mail disabled , please if anyone can help it would be very apreciated thx

Why did you start two threads on this? Did you look at SELinux any further? You claim you disabled SELinux, but you didn't ever lead into exactly what you have done. Clearly from my perspective it is an SELinux issue and you have not disabled it. Try executing "setenforce 0" as root and see if it helps, if it does then you haven't disabled SELinux properly. "setenforce 0" is only temporary and after the server is rebooted the SELinux policies will be back in enforcing mode.

Maybe you should just pay someone? It is a far stretch to expect people to take their time to help address your problems when you are not really giving any information back.

 

[riquel]

Originally posted by wagnerch
Why did you start two threads on this? Did you look at SELinux any further? You claim you disabled SELinux, but you didn't ever lead into exactly what you have done. Clearly from my perspective it is an SELinux issue and you have not disabled it. Try executing "setenforce 0" as root and see if it helps, if it does then you haven't disabled SELinux properly. "setenforce 0" is only temporary and after the server is rebooted the SELinux policies will be back in enforcing mode.

Maybe you should just pay someone? It is a far stretch to expect people to take their time to help address your problems when you are not really giving any information back.

Hi...
so first, I made a new topic because the old one had reached 3 pages and I was sure no one would bother reading it up...
http://forum.swsoft.com/showthread.php?s=&threadid=30254

Jamesyouc tried to help me, and I thank him again, when he suggested me to deactivate selinux, so that is what I did:

Edit /etc/sysconfig/selinux
CHange selinux=enforcing
To selinux=disabled
Then REBOOT the server.

And that is what I have done


Many features of all my website are deactivated because of this and I'm sure you understand I would really want it to be repeaired as soon as possible

I'm new to this and my budget doesn't allow me for buying support, specially when it is as costy as it is now

So I'm sorry if I offended you anyhow, I only want my server repaired ..

but thx for the help, I will try your advices

 

[riquel]

aaah it was the error... at last ..

It has repaired it all, thanks a bunch mate.


But how can I deactivate it permanently?

Thanks again!

 

[riquel]

I tried putting
disabled
and
permissive

(and rebooting)
in the etc/sysconfig/selinux
but none worked

I have to write setenforce 0 in order for it to work

Anyone knows how to remove it permanently?

 

[wagnerch]

Originally posted by riquel
I tried putting
disabled
and
permissive

(and rebooting)
in the etc/sysconfig/selinux
but none worked

I have to write setenforce 0 in order for it to work

Anyone knows how to remove it permanently?

Just incase it isn't obvious these forums are _community_ forums, SWsoft doesn't typically respond to issues or problems through the forums. The intent is for people like you and me to obtain free support, but if no one helps then your choices are limited. You can either pay a consultant for help, or you can buy support from SWsoft. This problem is actually outside of a Plesk issue, it is a server issue -- but Plesk SHOULD check for this condition and provide some sort of guidance.

In any event here is what my /etc/sysconfig/selinux file looks like:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled


It is _critical_ that the variable is SELINUX (upper case), and there is only one occurrence of the SELINUX variable in the file. I am not sure what OS you are running, but the above example is from Fedora Core 2.

Worst case if it still doesn't take the sysconfig file, you can modify your boot parameters. Reply to this thread if the above doesn't work for you. It should work fine. Another option is to put "setenforce 0" into the /etc/rc.d/rc.local file.

 

[riquel]

it still doesn't want to work,

however there is a "SELINUXTYPE=targeted" variable bellow it may be because of it

I will try the other option

 

[wagnerch]

Originally posted by riquel
it still doesn't want to work,

however there is a "SELINUXTYPE=targeted" variable bellow it may be because of it

I will try the other option

I guess you are running FC3 or later -- or one of the RHEL's. FC3 FAQ on SELinux may help:

SELinux FAQ for FC3

 

[riquel]

Ok it is fixed, thanks a lot for your help wagnerch, I'm certainly not the only one you just helped

To those who own FEDORA CORE 3 and would like to deactivate SELINUX do the following

Edit the "config" file located in "/etc/sysconfig/selinux"

and set
"SELINUX=disabled"

Thanks again wagnerch
have a great day

 

[riquel]

although it has resolved my main problem (mail() and bind) and I'm very satisfied, one problem has arisen and the fopen problem when trying to backup is still there.

On my other websites, I get this error:

Warning: main(): open_basedir restriction in effect. File(../include.conf) is not within the allowed path(s): (/var/www/vhosts/domain.com/httpdocs:/tmp)

I know how to repair it tho, I have to add some lines in my .conf files. I guess I'll have to do it on all websites.


For the backup it seems the fopen problem is still there