
I think this is the correct place to put this, rather than in StackOverflow.

Either way, we have a CentOS 6.6 server. SELinux isn't allowing us to enable httpd_can_sendmail.

I've tried this....

sudo setsebool -P httpd_can_sendmail on

I then get this

/usr/sbin/getsebool httpd_can_sendmail
httpd_can_sendmail --> off

I tried with this too

sudo setsebool -P httpd_can_sendmail 1
sudo setsebool -P httpd_can_sendmail true
sudo setsebool -P httpd_can_sendmail on
HBruijn
adprocas
  • Just a random thought: does the command work correctly from an interactive root session? i.e. `sudo -i` and then `setsebool -P httpd_can_sendmail on` – HBruijn Dec 09 '14 at 13:26
  • Yes! That seems to work. Do you want to answer this? – adprocas Dec 09 '14 at 19:46

1 Answer

The sudo command and managing SELinux require some additional handling, but typically simply running the command from an interactive root session is easiest:

$ sudo -i 
  Password: 
# setsebool -P httpd_can_sendmail on 

I think the issue is that you need to specify a role as part of the sudo command:

-r role The -r (role) option causes the new (SELinux) security context to have the role specified by role.

From what I understand that should be setting up /etc/sudoers correctly and then:

sudo -r sysadm_r -u root setsebool -P httpd_can_sendmail on 

should do the trick, but I can't really test now.

This question appears related: Granting sudo access to a SELinux confined user in freeIPA

HBruijn
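The question shows `setsebool -P` returning without complaint while `getsebool` still reports `off`. The following is an added example, not code from the question or the answer: a verify-after-set helper for provisioning scripts that re-reads the boolean and reports the caller's SELinux context when the change did not stick. The function names `sebool_state` and `ensure_sebool` are hypothetical, and the script is assumed to run with root privileges.

```shell
#!/bin/sh
# Added example: set an SELinux boolean persistently and confirm the result.

# Print the current state ("on" or "off") parsed from getsebool output,
# which has the form "httpd_can_sendmail --> off". Prints nothing on error.
sebool_state() {
    getsebool "$1" 2>/dev/null | awk '$2 == "-->" { print $3 }'
}

# ensure_sebool NAME on|off
# Returns 0 if the boolean ends in the wanted state, 1 if the change did
# not take effect, 2 on bad arguments or an unreadable boolean.
ensure_sebool() {
    sb_name=$1
    sb_want=$2
    case $sb_want in
        on|off) ;;
        *) echo "usage: ensure_sebool NAME on|off" >&2; return 2 ;;
    esac

    sb_before=$(sebool_state "$sb_name")
    if [ -z "$sb_before" ]; then
        echo "cannot read boolean '$sb_name' (is SELinux enabled?)" >&2
        return 2
    fi
    if [ "$sb_before" = "$sb_want" ]; then
        return 0                      # already in the wanted state
    fi

    # -P makes the change persistent. The exit status is not trusted on
    # its own; the value is read back below.
    setsebool -P "$sb_name" "$sb_want" || true

    sb_after=$(sebool_state "$sb_name")
    if [ "$sb_after" != "$sb_want" ]; then
        # id -Z prints the caller's SELinux context (user:role:type:level),
        # which shows the role the command actually ran under.
        echo "$sb_name is still '$sb_after'; context: $(id -Z 2>/dev/null)" >&2
        return 1
    fi
    return 0
}

# Usage (as root): ensure_sebool httpd_can_sendmail on || exit 1
```

A return value of 1 corresponds to the situation in the question: the command ran, but the boolean did not change.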