On Thursday 17 February 2005 02:21, "Hongwei Li" hongwei@wustl.edu wrote:
The problem is the SquirrelCheck in squirrelmail does not work when selinux is enforced (targeted). If I click "Check Spelling" in squirrelmail's Compose windows, it does not do any spell checking and the system log shows:
Feb 16 09:07:25 pippo kernel: audit(1108566445.074:0): avc: denied { search } for pid=7899 exe=/bin/cat name=spool dev=hda3 ino=470497 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir
Currently we don't have policy for Squirrelmail. One option is to enable httpd_disable_trans, this means that SE Linux does not restrict Apache and child processes but will restrict other daemons. Another option is to grant httpd_sys_script_t the access to do the things it wants, this isn't ideal and isn't what we will do for proper squirrelmail policy, but will solve your problems.