Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [opensuse] Problem With Sendmail in 10.1 Beta 5 and Beta 9
  • From: Scott Alan Chaffin <sac@xxxxxxxxxxx>
  • Date: Tue, 18 Apr 2006 10:19:59 -0500 (CDT)
  • Message-id: <200604181519.k3IFJxbx013701@xxxxxxxxxxx>
> On Mon, Apr 17, 2006 at 03:10:24PM -0500, Scott Alan Chaffin wrote:
> > When installing sendmail (instead of postfix) in the default location of
> > /usr/sbin/sendmail, the mail daemon doesn't start, only the queue
> > handler. Attempting to start the daemon by hand results in the
> > following error:
> >
> > huron:/usr/sbin # ./sendmail -bD -q15m
> > 451 4.0.0 opendaemonsocket: daemon MTA: cannot bind: Permission denied
> > 421 4.0.0 opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting
> > huron:/usr/sbin #
> >
> > When I move the sendmail binary to /usr/lib and make a symbolic link to
> > /usr/sbin, it starts as expected, both on the command line and in the
> > /etc/init.d/sendmail script.
> >
> > It's only a minor inconvenience to start things this way, but it is an
> > inconvenience. I suspect that this is related to some sort of enhanced
> > security on /usr/sbin. The file system is reiserfs.
> >
> > Does anyone know how to rectify this condition?
>
> Likely caused by AppArmor. Check "logprof" output, or /var/log/audit/audit.log
>
> Ciao, Marcus
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: opensuse-unsubscribe@xxxxxxxxxxxx
> For additional commands, e-mail: opensuse-help@xxxxxxxxxxxx
>

Marcus,

Thanks for the information. You are correct, it is AppArmor that is causing
my problem.

Looking in /var/log/audit/audit.log, I find:

type=APPARMOR msg=audit(1144955349.060:6): REJECTING access to capability 'net_bind_service' (sendmail(3227) profile /usr/sbin/sendmail active /usr/sbin/sendmail)

When I disable AppArmor, sendmail runs from /usr/sbin without incident. I
think that I'd prefer running with AppArmor rather than without, so I'll
look around and learn how to configure AppArmor to allow sendmail to bind
to port 25 after I finish with setting up sendmail.

Thanks again,

Scott

< Previous Next >
References