[SM-USERS] sm and selinux

Fri, 28 Jan 2005 16:15:22 -0800 

Hi,

This message is specifically for SM admins about sm and selinux.  I have
some problems with sm 1.4.3a in a redhat fc3 linux system where selinux is
enforced.  My system:

os:     RedHat FC3 linux, kernel 2.6.9, selinux enforced, iptables enabled
web:    httpd-2.0.52-3.1 (apache)
sendmail:       8.13.1-2
squirrelmail:   1.4.3a-6.FC3 configured with smtp, not sendmail
php:    4.3.10-3.2
mysql:  3.23.58-13

I have found 2 major problems so far when selinux is enforced:

1. cannot connect mysql database for any purpose (addressbook, pref, etc.)
-- always "Error initializing addressbook database" etc.;

2. cannot attach any file to send -- always denied.
The system log shows:
...
Jan 25 15:09:25 pippo kernel: audit(1106687365.076:0): avc:  denied  {
write } for  pid=23123 exe=/usr/sbin/httpd name=attach dev=hda3 ino=470516
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
tclass=dir
...

The default sm attachment dir is as in config.php:

$attachment_dir           = '/var/spool/squirrelmail/attach/';

and it's mode is:

# ls -lZ /var/spool/squirrelmail/
drwx------  apache   apache   system_u:object_r:var_spool_t    attach


There might be more problems when selinux is enforced, but I just haven't
found.  If I disable selinux while iptables is still enabled and the
required ports are opened, everything works well, no problem at all.

Although this could be a selinux-admin's job, but I feel that it is more
likely in the sm code that does not treat selinux in a proper way.  Since
more and more systems will have selinux enforced, I feel that it is sm
admin's job to make it working in selinux environment. I will post the
same question in selinux group to see any useful help there.

Thanks!

Hongwei Li








-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
--
squirrelmail-users mailing list
Posting Guidelines: 
http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: squirrelmail-users@lists.sourceforge.net
List Archives: 
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

Reply via email to