Why I'm getting the "SELinux is preventing /usr/sbin/sendmail.postfix from read access on the file ..." every time I send an email in PHP?
No Idea why sendmail needs to read a PHP file.
According to the log, the source and target context are different. But it's not clear if this is the problem or not.
Log shows:
SELinux is preventing /usr/sbin/sendmail.postfix from read access on the file /var/www/html/send-email.php.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that sendmail.postfix should be allowed read access on the send-email.php file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'sendmail' --raw | audit2allow -M my-sendmail
# semodule -X 300 -i my-sendmail.pp
Additional Information:
Source Context system_u:system_r:system_mail_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects /var/www/html/send-email.php [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.postfix
Port <Unknown>
Host xxxxxxxxxx-prod
Source RPM Packages postfix-3.5.9-19.el9.x86_64
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-34.1.43-1.el9_1.2.noarch
Local Policy RPM selinux-policy-targeted-34.1.43-1.el9_1.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name xxxxxxxxxx-prod
Platform Linux xxxxxxxxxx-prod
PREEMPT_DYNAMIC Wed Mar 1 22:02:24 UTC 2023 x86_64
x86_64
Alert Count 3283
First Seen 2023-03-30 18:03:38 CEST
Last Seen 2024-02-29 12:16:58 CET
Local ID 43f6879e-354b-4593-b3a4-90adc111f26c
I'm using Rocky Linux, 9.1.
Can you help me to understand what's happening?