> > >> -----Original Message----- >> From: [EMAIL PROTECTED] > [mailto:squirrelmail- >> [EMAIL PROTECTED] On Behalf Of Hongwei Li >> Sent: Wednesday, January 26, 2005 9:13 AM >> To: squirrelmail-users@lists.sourceforge.net >> Subject: [SM-USERS] sm and selinux >> >> Hi, >> >> This message is specifically for SM admins about sm and selinux. I > have >> some problems with sm 1.4.3a in a redhat fc3 linux system where > selinux is >> enforced. My system: >> >> os: RedHat FC3 linux, kernel 2.6.9, selinux enforced, iptables > enabled >> web: httpd-2.0.52-3.1 (apache) >> sendmail: 8.13.1-2 >> squirrelmail: 1.4.3a-6.FC3 configured with smtp, not sendmail >> php: 4.3.10-3.2 >> mysql: 3.23.58-13 >> >> I have found 2 major problems so far when selinux is enforced: >> >> 1. cannot connect mysql database for any purpose (addressbook, pref, > etc.) >> -- always "Error initializing addressbook database" etc.; >> >> 2. cannot attach any file to send -- always denied. >> The system log shows: >> ... >> Jan 25 15:09:25 pippo kernel: audit(1106687365.076:0): avc: denied { >> write } for pid=23123 exe=/usr/sbin/httpd name=attach dev=hda3 > ino=470516 >> scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t >> tclass=dir >> ... >> >> The default sm attachment dir is as in config.php: >> >> $attachment_dir = '/var/spool/squirrelmail/attach/'; >> >> and it's mode is: >> >> # ls -lZ /var/spool/squirrelmail/ >> drwx------ apache apache system_u:object_r:var_spool_t attach >> >> >> There might be more problems when selinux is enforced, but I just > haven't >> found. If I disable selinux while iptables is still enabled and the >> required ports are opened, everything works well, no problem at all. >> >> Although this could be a selinux-admin's job, but I feel that it is > more >> likely in the sm code that does not treat selinux in a proper way. > Since >> more and more systems will have selinux enforced, I feel that it is sm >> admin's job to make it working in selinux environment. I will post the >> same question in selinux group to see any useful help there. > >
After installing the latest "target policy" of selinux, and reset the "contents" (restorecon ...), it is working now. Thanks for all the help! Hongwei ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl -- squirrelmail-users mailing list Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines List Address: squirrelmail-users@lists.sourceforge.net List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
