HTTP CGI scripts cannot send mails: mail is sent but empty
Issue
-
When sending a mail from a HTTP CGI script, the mail is sent but empty, even after having enabled the SELinux
httpd_can_sendmail
boolean -
SELinux AVC such as the one below are seen in the audit log:
type=PROCTITLE msg=audit(...) : proctitle=send-mail ... type=EXECVE msg=audit(...) : ... a0=send-mail ... type=SYSCALL msg=audit(...) : arch=x86_64 syscall=execve success=yes exit=0 ... uid=apache gid=apache euid=apache suid=apache fsuid=apache egid=apache sgid=apache fsgid=apache tty=(none) ses=unset comm=sendmail exe=/usr/sbin/sendmail.postfix subj=system_u:system_r:system_mail_t:s0 key=(null) type=AVC msg=audit(...) : avc: denied { read } for pid=6046 comm=sendmail path=/tmp/RsHEeyJh (deleted) ... scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=
Above, we can see that send-mail could execute successfully but couldn't read the temporary file containing the body of the message.
Environment
- Red Hat Enterprise Linux 8
- HTTP CGI scripts
- mail commands
- SELinux
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.