selinux in fc3 and squirrelmail

Hongwei Li hongwei at wustl.edu
Wed Jan 26 15:29:29 UTC 2005


Hi,

I have some problems with squirrelmail 1.4.3a in a redhat fc3 linux system
where selinux is enforced.  My system:

os:     RedHat FC3 linux, kernel 2.6.9, selinux enforced, iptables enabled
web:    httpd-2.0.52-3.1 (apache)
sendmail:       8.13.1-2
squirrelmail:   1.4.3a-6.FC3 configured with smtp, not sendmail
php:    4.3.10-3.2
mysql:  3.23.58-13

I have found 2 major problems of squirrelmail so far when selinux is
enforced:

1. cannot connect mysql database for any purpose (addressbook, pref, etc.)
-- always "Error initializing addressbook database" etc.;

The system log shows:

Jan 23 10:21:18 pippo kernel: audit(1105978878.395:0): avc:  denied  { write } for  pid=21651 exe=/usr/sbin/httpd name=mysql.sock dev=hda3 ino=455088 scontext=root:system_r:httpd_t tcontext=user_u:object_r:var_lib_t tclass=sock_file

2. cannot attach any file to send -- always denied.

The system log shows:
...
Jan 25 15:09:25 pippo kernel: audit(1106687365.076:0): avc:  denied  { write } for  pid=23123 exe=/usr/sbin/httpd name=attach dev=hda3 ino=470516 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t tclass=dir
...

The sm attachment dir is set by default as in config.php:

$attachment_dir           = '/var/spool/squirrelmail/attach/';

and its mode is:

# ls -lZ /var/spool/squirrelmail/
drwx------  apache   apache   system_u:object_r:var_spool_t    attach


There might be more problems in sm when selinux is enforced, but I just
haven't found them.

If I disable selinux while iptables is still enabled and the required
ports are opened, everything in squirrelmail works well, no problem at
all.

Since I haven't got any useful help from the sm group, I post the above
message here for help.  Is there anybody using sm 1.4.3a in fc3 with
selinux enforced?  Do you have any problem with mysql database
initialization and attaching files to send?  If you find a way to solve the
problem, please share it with me.  I'd greatly appreciate all help!

Thanks!

Hongwei Li
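
Added example, not part of the original message: a short Python parser that reads the two AVC denials quoted above and groups them by source type, target type and object class, the triple that SELinux type enforcement decides on. The function names are this example's own; the log lines are the ones from the message, each joined onto a single line.

```python
import re
from collections import defaultdict

# The two denials quoted in the message above, each on one line.
SAMPLE_LOG = """\
Jan 23 10:21:18 pippo kernel: audit(1105978878.395:0): avc:  denied  { write } for  pid=21651 exe=/usr/sbin/httpd name=mysql.sock dev=hda3 ino=455088 scontext=root:system_r:httpd_t tcontext=user_u:object_r:var_lib_t tclass=sock_file
Jan 25 15:09:25 pippo kernel: audit(1106687365.076:0): avc:  denied  { write } for  pid=23123 exe=/usr/sbin/httpd name=attach dev=hda3 ino=470516 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t tclass=dir
"""

# Denied permissions sit inside the braces; key=value fields follow "for".
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():  # values with spaces are not handled
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value.strip('"')
    if "tclass" not in rec:
        return None
    # A context is user:role:type[:level]; the third field is the type.
    for side in ("scontext", "tcontext"):
        if side not in rec or rec[side].count(":") < 2:
            return None
        rec[side + "_type"] = rec[side].split(":")[2]
    return rec

def summarize(log_text):
    """Map (source type, target type, class) to denied perms and object names."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["scontext_type"], rec["tcontext_type"], rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["names"].add(rec.get("name", "?"))
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), info in sorted(summarize(SAMPLE_LOG).items()):
        perms = " ".join(sorted(info["perms"]))
        print(f"{src} -> {tgt}:{cls} {{ {perms} }} name={','.join(sorted(info['names']))}")
```

Both denials have httpd_t as the source type and a generic target type (var_lib_t, var_spool_t), so the summary shows which object labels the web server is being refused write access to.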



