On Thursday 17 February 2005 02:21, "Hongwei Li" <hongwei(a)wustl.edu>
wrote:
> The problem is the SquirrelCheck in squirrelmail does not work when
> selinux is enforced (targeted). If I click "Check Spelling" in
> squirrelmail's Compose windows, it does not do any spell checking and the
> system log shows:
>
> Feb 16 09:07:25 pippo kernel: audit(1108566445.074:0): avc: denied { search } for pid=7899 exe=/bin/cat name=spool dev=hda3 ino=470497 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir

Currently we don't have policy for Squirrelmail. One option is to enable
httpd_disable_trans; this means that SE Linux does not restrict Apache and
child processes but will restrict other daemons. Another option is to grant
httpd_sys_script_t the access to do the things it wants; this isn't ideal and
isn't what we will do for proper squirrelmail policy, but will solve your
problems.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
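
Added example, not part of the original message or of any SELinux tool: a small Python parser that turns AVC denials like the one quoted above into the allow rules the second option would need, merging permissions per source type, target type and class. The function names and the second denial in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the denial quoted in the message (on one line),
# one hypothetical follow-up denial to show merging, and an unrelated line.
SAMPLE_LOG = """\
Feb 16 09:07:25 pippo kernel: audit(1108566445.074:0): avc: denied { search } for pid=7899 exe=/bin/cat name=spool dev=hda3 ino=470497 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir
Feb 16 09:07:26 pippo kernel: audit(1108566446.000:0): avc: denied { getattr read } for pid=7900 exe=/bin/cat name=spool dev=hda3 ino=470497 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir
Feb 16 09:07:27 pippo sshd[812]: unrelated line that must be ignored
"""

# One denial per log line: permissions in braces, then the two contexts and class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

def context_type(context):
    """Return the type field of user:role:type[:mls-range]."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return fields[2]

def denials_to_rules(log_text):
    """Collapse AVC denials into one allow rule per (source, target, class)."""
    wanted = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        wanted[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(wanted.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Each emitted rule applies to every script running as httpd_sys_script_t, not only SquirrelMail's spell checker, so read the list before adding it to policy. The audit2allow utility performs the same kind of translation on real audit logs.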