squirrelmail gpg plugin and selinux problem

Daniel J Walsh dwalsh at redhat.com
Tue Apr 10 20:37:49 UTC 2007


Daniel J Walsh wrote:
> George Avrunin wrote:
>> I'm trying to set up the squirrelmail gpg plugin to sign messages on FC6,
>> fully updated.  (I normally use Claws-Mail, but sometimes need webmail
>> when traveling.)  With selinux in enforcing mode, I always get a "bad
>> passphrase" message from the plugin, though it works fine with selinux in
>> permissive mode (and I can send without signing in enforcing mode). I'm
>> seeing messages in the audit.log like:
>>
>> type=AVC msg=audit(1176227136.350:36646): avc:  denied  { setrlimit } for
>> pid=30752 comm="gpg" scontext=root:system_r:httpd_sys_script_t:s0
>> tcontext=root:system_r:httpd_sys_script_t:s0 tclass=process
>> type=SYSCALL msg=audit(1176227136.350:36646): arch=40000003 syscall=75
>> success=no exit=-13 a0=4 a1=bff6078c a2=88bff4 a3=800c0cbb items=0
>> ppid=30750 pid=30752 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48
>> egid=48 sgid=48 fsgid=48 tty=(none) comm="gpg" exe="/usr/bin/gpg"
>> subj=root:system_r:httpd_sys_script_t:s0 key=(null)
>>
>> I haven't found anything on this on the web and I assume I'm not the only
>> person trying to do this, so I must have messed up some configuration.
>> I've tried changing the values of various http-related booleans without
>> success, but I don't understand selinux very well.  I'd be grateful for
>> any suggestions. 
>> Thanks,
>>
>>   George
>>   
> Nope I have a feeling you are the first to try this, with SELinux.
>
Could you attempt this in permissive mode to see what avc's are generated?
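
Added example, not part of the original thread and not the code of any SELinux tool: a small Python parser that collects AVC denials from audit.log text, joins each one to the SYSCALL record with the same audit event id, and groups the denied permissions into candidate allow rules for review. In permissive mode denials are logged but not enforced, so one run records every denial along the code path. The function names and the sample (the two records quoted above, rejoined onto single lines) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC and SYSCALL records quoted in the thread, unwrapped.
SAMPLE_LOG = """\
type=AVC msg=audit(1176227136.350:36646): avc:  denied  { setrlimit } for pid=30752 comm="gpg" scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:system_r:httpd_sys_script_t:s0 tclass=process
type=SYSCALL msg=audit(1176227136.350:36646): arch=40000003 syscall=75 success=no exit=-13 a0=4 a1=bff6078c a2=88bff4 a3=800c0cbb items=0 ppid=30750 pid=30752 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=root:system_r:httpd_sys_script_t:s0 key=(null)
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+):(\d+)\):\s*(.*)$')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    # key=value pairs; quoted values lose their surrounding quotes
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def parse_denials(log_text):
    """Return one dict per AVC denial, enriched from the SYSCALL record of the same event."""
    denials, syscalls = [], {}
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip wrapped fragments and unrelated lines
        rtype, _timestamp, event_id, body = m.groups()
        if rtype == "SYSCALL":
            syscalls[event_id] = fields(body)
        elif rtype == "AVC":
            a = AVC.search(body)
            if a:
                d = fields(a.group(2))
                d.update(perms=a.group(1).split(), event_id=event_id)
                denials.append(d)
    for d in denials:
        sc = syscalls.get(d["event_id"], {})
        d["exe"], d["exit"] = sc.get("exe"), sc.get("exit")
    return denials

def candidate_rules(denials):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for d in denials:
        src, tgt = (d[k].split(":")[2] for k in ("scontext", "tcontext"))
        key = (src, "self" if src == tgt else tgt, d["tclass"])
        grouped[key].update(d["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(grouped.items())]
```

The rules it prints are a summary of what was denied, to be reviewed before anything is added to local policy.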



