> This message is specifically for SM admins about sm and selinux. I have
> some problems with sm 1.4.3a in a redhat fc3 linux system where selinux is
> enforced. My system:
>
> os: RedHat FC3 linux, kernel 2.6.9, selinux enforced, iptables enabled
> web: httpd-2.0.52-3.1 (apache)
> sendmail: 8.13.1-2
> squirrelmail: 1.4.3a-6.FC3 configured with smtp, not sendmail
> php: 4.3.10-3.2
> mysql: 3.23.58-13
>
> I have found 2 major problems so far when selinux is enforced:
>
> 1. cannot connect mysql database for any purpose (addressbook, pref, etc.)
> -- always "Error initializing addressbook database" etc.;
This is likely to be a security context being set not allowing PHP to get
to the socket. I dare say if you were to try using any PHP script, you'd
get the same issue.
> 2. cannot attach any file to send -- always denied.
> The system log shows:
> ...
> Jan 25 15:09:25 pippo kernel: audit(1106687365.076:0): avc: denied {
> write } for pid=23123 exe=/usr/sbin/httpd name=attach dev=hda3 ino=470516
> scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
> tclass=dir
> ...
Again, this is likely to be a security context set by selinux that needs
tweaking. Your kernel is refusing PHP the ability to write to that
directory, there is nothing SquirrelMail can do about the Kernel rejecting
access. You just need to set the proper permissions with the selinux
tools.
> Although this could be a selinux-admin's job, but I feel that it is more
> likely in the sm code that does not treat selinux in a proper way. Since
> more and more systems will have selinux enforced, I feel that it is sm
> admin's job to make it working in selinux environment. I will post the
> same question in selinux group to see any useful help there.
How is SM supposed to treat selinux? I'm not sure we can detect if it is
enabled or not, or even if PHP knows that it exists, or how it handles it.
From a quick google, and not digging into it too greatly right now, I
don't think it handles it at all.
--
Jonathan Angliss
<[EMAIL PROTECTED]>
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
--
squirrelmail-users mailing list
Posting Guidelines:
http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: squirrelmail-users@lists.sourceforge.net
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id)95
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
