> On Mon, Apr 17, 2006 at 03:10:24PM -0500, Scott Alan Chaffin wrote: > > When installing sendmail (instead of postfix) in the default location of > > /usr/sbin/sendmail, the mail daemon doesn't start, only the queue > > handler. Attempting to start the daemon by hand results in the > > following error: > > > > huron:/usr/sbin # ./sendmail -bD -q15m > > 451 4.0.0 opendaemonsocket: daemon MTA: cannot bind: Permission denied > > 421 4.0.0 opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting > > huron:/usr/sbin # > > > > When I move the sendmail binary to /usr/lib and make a symbolic link to > > /usr/sbin, it starts as expected, both on the command line and in the > > /etc/init.d/sendmail script. > > > > It's only a minor inconvenience to start things this way, but it is an > > inconvenience. I suspect that this is related to some sort of enhanced > > security on /usr/sbin. The file system is reiserfs. > > > > Does anyone know how to rectify this condition? > > Likely caused by AppArmor. Check "logprof" output, or /var/log/audit/audit.log > > Ciao, Marcus > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
Marcus, Thanks for the information. You are correct, it is AppArmor that is causing my problem. Looking in /var/log/audit/audit.log, I find: type=APPARMOR msg=audit(1144955349.060:6): REJECTING access to capability 'net_bind_service' (sendmail(3227) profile /usr/sbin/sendmail active /usr/sbin/sendmail) When I disable AppArmor, sendmail runs from /usr/sbin without incident. I think that I'd prefer running with AppArmor rather than without, so I'll look around and learn how to configure AppArmor to allow sendmail to bind to port 25 after I finish with setting up sendmail. Thanks again, Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
