
Fedora Core 4 and squirrelmail and selinux

 
Geoff Wild
Honored Contributor


Trying to get this to work on a new machine.

If I:

setenforce 0

Squirrelmail works:

SquirrelMail configtest
This script will try to check some aspects of your SquirrelMail configuration and point you to errors whereever it can find them. You need to go run conf.pl in the config/ directory first before you run this script.

SquirrelMail version: 1.4.6-5.fc4
Config file version: 1.4.0
Config file last modified: 15 April 2006 09:04:10


Checking PHP configuration...
PHP version 5.0.4 OK.
PHP extensions OK.
Checking paths...
Data dir OK.
Attachment dir OK.
Plugins OK.
Themes OK.
Default language OK.
Base URL detected as: http://192.168.2.52/webmail/src
Checking outgoing mail service....
sendmail OK
Checking IMAP service....
IMAP server ready (* OK dovecot ready.)
Capabilities: * CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT IDLE CHILDREN LISTEXT LIST-SUBSCRIBED NAMESPACE STARTTLS AUTH=PLAIN
Checking internationalization (i18n) settings...
gettext - Gettext functions are available. You must have appropriate system locales compiled.
mbstring - Mbstring functions are available.
recode - Recode functions are unavailable.
iconv - Iconv functions are available.
timezone - Webmail users can change their time zone settings.
Checking database functions...
not using database functionality.

Congratulations, your SquirrelMail setup looks fine to me!


setenforce 1

Squirrelmail doesn't:

SquirrelMail configtest
This script will try to check some aspects of your SquirrelMail configuration and point you to errors whereever it can find them. You need to go run conf.pl in the config/ directory first before you run this script.

SquirrelMail version: 1.4.6-5.fc4
Config file version: 1.4.0
Config file last modified: 15 April 2006 09:04:10


Checking PHP configuration...
PHP version 5.0.4 OK.
PHP extensions OK.
Checking paths...
Data dir OK.
Attachment dir OK.
Plugins OK.
Themes OK.
Default language OK.
Base URL detected as: http://192.168.2.52/webmail/src
Checking outgoing mail service....

ERROR: Location of sendmail program incorrect (/usr/sbin/sendmail)!




getsebool httpd_can_network_connect
httpd_can_network_connect --> inactive

so I:

setsebool -P httpd_can_network_connect=1

Still can't get squirrelmail to work...

[root@localhost policy]# tail -4 /var/log/audit/audit.log
type=AVC msg=audit(1145121783.081:179): avc: denied { read } for pid=1522 comm="httpd" name="sendmail" dev=dm-3 ino=131306 scontext=root:system_r:httpd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
type=SYSCALL msg=audit(1145121783.081:179): arch=40000003 syscall=195 success=no exit=-13 a0=9fa7f14 a1=bfaf81ac a2=3faff4 a3=bfaf81ac items=1 pid=1522 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1145121783.081:179): cwd="/usr/share/squirrelmail/src"
type=PATH msg=audit(1145121783.081:179): item=0 name="/usr/sbin/sendmail" flags=1


Here's the version of selinux I have:

rpm -a -q |grep selinux
selinux-policy-targeted-1.27.1-2.22
selinux-policy-targeted-sources-1.27.1-2.22
libselinux-1.23.11-1.1
libselinux-devel-1.23.11-1.1

Thanks...Geoff


Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Geoff Wild
Honored Contributor

Re: Fedora Core 4 and squirrelmail and selinux

Well - figured it out by myself...

There's a utility called audit2allow

So I did a:

cd /etc/selinux/targeted/src/policy
audit2allow -i /var/log/audit/audit.log >> domains/misc/local.te

I edited the domains/misc/local.te and only kept the one I want:

allow httpd_t sbin_t:lnk_file read;


Then did a:

make load

Voila! works like a charm!

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
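
The step from the denial in the first post to the single rule kept in local.te, as an added example (not part of the original thread and not audit2allow's own code): a small Python parser that turns AVC records into allow rules and can restrict the output to one source domain, so that only the rule actually needed is reviewed and loaded. The function names and the second log record are constructed for illustration.

```python
import re
from collections import defaultdict

# First record is the denial quoted in the post; the second is constructed
# for this example to show filtering and permission-set formatting.
SAMPLE_LOG = '''\
type=AVC msg=audit(1145121783.081:179): avc: denied { read } for pid=1522 comm="httpd" name="sendmail" dev=dm-3 ino=131306 scontext=root:system_r:httpd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
type=AVC msg=audit(1145121790.000:180): avc: denied { getattr search } for pid=900 comm="cupsd" name="tmp" dev=dm-3 ino=42 scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:tmp_t tclass=dir
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for other record types."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = m.group('perms').split()
    # An SELinux context is user:role:type[:level]; the rule needs the type.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def allow_rules(log_text, source_type=None):
    """Build allow rules from denials, optionally for one source domain only."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or (source_type and rec['source_type'] != source_type):
            continue
        key = (rec['source_type'], rec['target_type'], rec['tclass'])
        merged[key].update(rec['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {text};')
    return rules


if __name__ == '__main__':
    for rule in allow_rules(SAMPLE_LOG, source_type='httpd_t'):
        print(rule)
```

Filtering on the source domain before appending to local.te keeps denials from unrelated services out of the policy, which is the same pruning the reply does by hand.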