Horde Application Suite and SELinux...

Tom Lisjac netdxr at gmail.com
Tue Feb 22 21:14:44 UTC 2005

Hi folks!

I've just installed the php based Horde Application Suite
(http://horde.org) on a Fedora Core 3. Everything is working great
with the targeted policy and SELinux enabled except for a small
problem with spell checking in the Imp webmail app.

The spell checker passes the text to aspell using a temporary file in
/tmp. The targeted policy prohibits "http scripts" from using the /tmp
directory... so aspell runs but doesn't return any results. If I
disable SELinux, it works fine... but since this server will be
running in a hostile environment, I'd rather not.  I could also add:

allow httpd_sys_script_t httpd_tmp_t:file { getattr read };

... to the targeted policy, but I'd prefer not modify it or open this
directory up to other less trustworthy scripts that may eventually run
on the system.

I've thought about creating a separate directory and rule for this app
and operation... but I can't help but wonder if there's better
approach for resolving this problem? Any suggestions would be greatly



More information about the fedora-selinux-list mailing list