I have installed nginx, php-fpm and exim, which I prefer over postfix. When I use php’s mail() function to send mail to a local user with SELinux enabled, nothing arrives. When I set SELinux to permissive it does work, and audit2allow suggests the following SELinux policy rules.
Is this the only way of getting php to send mail to exim with SELinux enabled? Shouldn’t similar rules be preconfigured?
#============= httpd_t ==============
allow httpd_t etc_aliases_t:file { getattr open read };
allow httpd_t exim_log_t:file open;
allow httpd_t exim_spool_t:dir { add_name read remove_name write };
allow httpd_t exim_spool_t:file { append create getattr lock open read rename setattr unlink write };
allow httpd_t mail_spool_t:dir { add_name remove_name };
allow httpd_t mail_spool_t:file { append create getattr link lock open read setattr unlink write };
allow httpd_t mail_spool_t:lnk_file read;
#!!!! This avc can be allowed using one of the these booleans:
# httpd_run_stickshift, httpd_use_opencryptoki
allow httpd_t self:capability fowner;
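
Before loading audit2allow output like the above as a module, it helps to list which target types the source domain would gain modifying access to, and which capabilities it would receive. The following is an added example, not part of the original post; the MODIFYING permission grouping and the function names are assumptions made for this review.

```python
import re
from collections import defaultdict

# Rules copied from the audit2allow output in the question above.
RULES = """\
#============= httpd_t ==============
allow httpd_t etc_aliases_t:file { getattr open read };
allow httpd_t exim_log_t:file open;
allow httpd_t exim_spool_t:dir { add_name read remove_name write };
allow httpd_t exim_spool_t:file { append create getattr lock open read rename setattr unlink write };
allow httpd_t mail_spool_t:dir { add_name remove_name };
allow httpd_t mail_spool_t:file { append create getattr link lock open read setattr unlink write };
allow httpd_t mail_spool_t:lnk_file read;
allow httpd_t self:capability fowner;
"""

# Assumed grouping for this review (not an SELinux-defined category):
# permissions that let the source domain create, change or delete the target.
MODIFYING = {"write", "append", "create", "unlink", "rename", "setattr",
             "link", "add_name", "remove_name"}

RULE_RE = re.compile(
    r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|([^\s;]+))\s*;$")

def parse_rules(text):
    """Return (source, target, tclass, perms) for every allow rule in text."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank lines and audit2allow comments
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised rule: {line!r}")
        src, tgt, tclass, braced, single = m.groups()
        perms = braced if braced is not None else single
        rules.append((src, tgt, tclass, set(perms.split())))
    return rules

def modifying_access(rules):
    """Map 'target:class' to the modifying permissions granted on it."""
    found = defaultdict(set)
    for _src, tgt, tclass, perms in rules:
        if perms & MODIFYING:
            found[f"{tgt}:{tclass}"] |= perms & MODIFYING
    return {key: sorted(val) for key, val in found.items()}

def capabilities(rules):
    """Return the Linux capabilities the rules would grant, sorted."""
    return sorted(p for _s, _t, tclass, perms in rules
                  if tclass == "capability" for p in perms)
```

Calling `modifying_access(parse_rules(RULES))` shows that the suggested rules give `httpd_t` itself create, write and delete access to the exim and mail spool types.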