mozilla mail not starting under strict policy

Richard Hally rhally at mindspring.com
Wed May 18 20:08:47 UTC 2005


Daniel J Walsh wrote:

> Richard Hally wrote:
>
>> when running strict policy on a fully updated rawhide, mozilla mail 
>> will not start when in enforcing mode of the strict policy.
>> Doing a setenforce 0 allows it to start.
>> (Note that the avc denied messages are only produced when in 
>> permissive mode)
>> Below are the AVC denied messages:
>>
>> May 17 12:46:45 new2 kernel: audit(1116348405.108:0): avc:  granted  
>> { setenforce } for  scontext=root:sysadm_r:sysadm_t 
>> tcontext=system_u:object_r:security_t tclass=security
>> May 17 12:46:45 new2 dbus: avc:  received setenforce notice 
>> (enforcing=0)
>> May 17 12:46:45 new2 dbus: avc:  received setenforce notice 
>> (enforcing=0)
>> May 17 12:46:56 new2 kernel: audit(1116348416.169:0): avc:  denied  { 
>> name_connect } for  dest=110 scontext=richard:staff_r:staff_mozilla_t 
>> tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
>> May 17 12:46:56 new2 kernel: audit(1116348416.902:0): avc:  denied  { 
>> getattr }
>> for  name=/ dev=dm-0 ino=2 scontext=richard:staff_r:staff_mozilla_t 
>> tcontext=system_u:object_r:fs_t tclass=filesystem
>> May 17 12:47:45 new2 kernel: audit(1116348465.718:0): avc:  granted  
>> { setenforce } for  scontext=root:sysadm_r:sysadm_t 
>> tcontext=system_u:object_r:security_t tclass=security
>> May 17 12:47:45 new2 dbus: avc:  received setenforce notice 
>> (enforcing=1)
>> May 17 12:47:45 new2 dbus: avc:  received setenforce notice 
>> (enforcing=1)
>>
> Yes use thunderbird .  :^)
>
OK, switched to t'bird. (it works (so far)).  =;-)

> Problem is we are trying to lock down Firefox with Mozilla policy, and 
> mozilla mail is going away.  Can you just add a name_connect
> rule.
>
It's on the box that is strictly for testing SELinux, so I try to stay 
with the policy "as provided".
thanks Dan,
Richard
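
The "add a name_connect rule" suggestion above amounts to turning each AVC denial into an allow rule on the source type, target type and class. The sketch below does that in the spirit of audit2allow; it is an added example, not code from this thread or from the SELinux tools, and `SAMPLE_LOG` is constructed by unwrapping three records from the quoted log onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: three records from the quoted log, unwrapped to one line each.
SAMPLE_LOG = """\
May 17 12:46:45 new2 kernel: audit(1116348405.108:0): avc:  granted  { setenforce } for  scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
May 17 12:46:56 new2 kernel: audit(1116348416.169:0): avc:  denied  { name_connect } for  dest=110 scontext=richard:staff_r:staff_mozilla_t tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
May 17 12:46:56 new2 kernel: audit(1116348416.902:0): avc:  denied  { getattr } for  name=/ dev=dm-0 ino=2 scontext=richard:staff_r:staff_mozilla_t tcontext=system_u:object_r:fs_t tclass=filesystem
"""

# Matches only "denied" records and captures the permission set and contexts.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def candidate_rules(log_text):
    """Return sorted allow rules, merging permissions per (source, target, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # "granted" records and dbus setenforce notices are skipped
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        plist = sorted(perms)
        perm_text = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG):
        print(rule)
```

The thread only proposes the name_connect rule; the second rule printed is simply what the remaining getattr denial maps to, and each candidate should be reviewed before it goes into policy.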





