[FC3] Squirrel Mail / SELinux

Randy toucan at tropicalrain.us
Wed Jun 29 22:44:57 UTC 2005


M.Lewis wrote:

> I'm having a problem logging into Squirrel Mail. I have the following 
> in the log:
>
> Jun 29 14:40:40 cygnus kernel: audit(1120081240.918:0): avc:  denied  
> { connect } for  pid=4379 exe=/usr/sbin/httpd 
> scontext=user_u:system_r:httpd_ttcontext=user_u:system_r:httpd_t 
> tclass=tcp_socket
>
> Earlier today, I did the procedure that's been described in the past 
> week by Alexander I believe:
>
> su -
> rpm -ev selinux-policy-targeted selinux-policy-targeted-sources
> rm -fR /etc/selinux/targeted/
> rpm -ivh 
> /var/cache/yum/updates-released/packages/selinux-policy-targeted-1.17.30-3.9.noarch.rpm 
> /var/cache/yum/updates-released/packages/selinux-policy-targeted-sources-1.17.30-3.9.noarch.rpm 
>
> touch /.autorelabel
>
> Still I'm having the error shown above. Suggestions?
>
> Thanks,
> Mike

I ended up doing this to get it to work:

setsebool -P httpd_can_network_connect=1
setsebool -P dovecot_disable_trans=1

Now that SELinux doesn't mess with Dovecot, and the http flag is 
changed, Dovecot can connect to http.  I also had to change some SELinux 
settings before I could get to any files through SAMBA, and more to get 
my WAN link to come up on boot.  When SELinux prevented me from 
getting/putting files to my home directory and ALSO prevented me from 
cd'ing out of my home directory, I ended up disabling it completely.  
Now eveything works.  :-)

Use:  setenforce 0   to temporarily disable SELinux to see if it fixes 
things
that are broke.  It'll re-enable the next time you reboot.


(apologies if this shows up on the list multiple times.  I was having 
mail trouble and it looked like nothing was getting through)




More information about the fedora-list mailing list