Horde Application Suite and SELinux...
Tom Lisjac
netdxr at gmail.com
Tue Feb 22 21:14:44 UTC 2005
Hi folks!
I've just installed the php based Horde Application Suite
(http://horde.org) on a Fedora Core 3. Everything is working great
with the targeted policy and SELinux enabled except for a small
problem with spell checking in the Imp webmail app.
The spell checker passes the text to aspell using a temporary file in
/tmp. The targeted policy prohibits "http scripts" from using the /tmp
directory... so aspell runs but doesn't return any results. If I
disable SELinux, it works fine... but since this server will be
running in a hostile environment, I'd rather not. I could also add:
allow httpd_sys_script_t httpd_tmp_t:file { getattr read };
... to the targeted policy, but I'd prefer not modify it or open this
directory up to other less trustworthy scripts that may eventually run
on the system.
I've thought about creating a separate directory and rule for this app
and operation... but I can't help but wonder if there's better
approach for resolving this problem? Any suggestions would be greatly
appreciated!
Thanks,
-Tom
More information about the fedora-selinux-list
mailing list