[FC3] Squirrel Mail / SELinux
Randy
toucan at tropicalrain.us
Wed Jun 29 22:44:57 UTC 2005
M.Lewis wrote:
> I'm having a problem logging into Squirrel Mail. I have the following
> in the log:
>
> Jun 29 14:40:40 cygnus kernel: audit(1120081240.918:0): avc: denied
> { connect } for pid=4379 exe=/usr/sbin/httpd
> scontext=user_u:system_r:httpd_ttcontext=user_u:system_r:httpd_t
> tclass=tcp_socket
>
> Earlier today, I did the procedure that's been described in the past
> week by Alexander I believe:
>
> su -
> rpm -ev selinux-policy-targeted selinux-policy-targeted-sources
> rm -fR /etc/selinux/targeted/
> rpm -ivh
> /var/cache/yum/updates-released/packages/selinux-policy-targeted-1.17.30-3.9.noarch.rpm
> /var/cache/yum/updates-released/packages/selinux-policy-targeted-sources-1.17.30-3.9.noarch.rpm
>
> touch /.autorelabel
>
> Still I'm having the error shown above. Suggestions?
>
> Thanks,
> Mike
I ended up doing this to get it to work:
setsebool -P httpd_can_network_connect=1
setsebool -P dovecot_disable_trans=1
Now that SELinux doesn't mess with Dovecot, and the http flag is
changed, Dovecot can connect to http. I also had to change some SELinux
settings before I could get to any files through SAMBA, and more to get
my WAN link to come up on boot. When SELinux prevented me from
getting/putting files to my home directory and ALSO prevented me from
cd'ing out of my home directory, I ended up disabling it completely.
Now eveything works. :-)
Use: setenforce 0 to temporarily disable SELinux to see if it fixes
things
that are broke. It'll re-enable the next time you reboot.
(apologies if this shows up on the list multiple times. I was having
mail trouble and it looked like nothing was getting through)
More information about the fedora-list
mailing list