selinux and squirrelmail in FC4
Paul Howarth
paul at city-fan.org
Tue Sep 20 07:22:49 UTC 2005
On Mon, 2005-09-19 at 15:22 -0500, Hongwei Li wrote:
> Hello,
>
> I have a FC4 system, kernel: 2.6.12-1.1447_FC4, selinux targeted, enforced,
> installed: selinux-policy-targeted-1.25.4-10.1,
> selinux-policy-targeted-sources-1.25.4-10.1
> squirrelmail-1.4.4-2
>
> If I setenforce 0, then users can log in squirrelmail and read/send emails w/o
> problems. If I setenforce 1, then users cannot login sm. The error message
> is:
>
> Error connecting to IMAP server: localhost.
> 13 : Permission denied
>
> However, the system log does not show error message about it. So, if I run
> the selinux command, I got:
>
> # audit2allow -l -i /var/log/messages -o
> /etc/selinux/targeted/src/policy/domains/program/apache.te
In FC4 the audit messages are in /var/log/audit/audit.log,
not /var/log/messages.
It would be wise to understand what exactly SELinux is preventing rather
than blindly appending rules to allow whatever it's trying to do though.
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the fedora-selinux-list
mailing list