Old 11-19-2005, 09:45 PM   #1
cojo
[Solved] SELinux causes Squirrelmail to fail


Can anyone tell what I need to enable in SELinux to allow Squirrelmail to work on my FC3 server?

Here is my server layout:

FC3-->Sendmail, Dovecot(POP & IMAP), Apache, Squirrelmail, & SELinux.

When SELinux is on, I get permission denied when I try to log in from Squirrelmail. Here is the error message:

Login Screen:
Error connecting to IMAP server: mail.jurgiel.com.
13 : Permission denied

Messages Log
Nov 19 20:40:44 mail kernel: audit(1132454444.934:107): avc: denied { connect } for pid=3697 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=tcp_socket

When SELinux is off, Squirrelmail works perfectly. So, I know SELinux is the cause of my problem. Now, I just need to know what I need to enable to get Squirrelmail to work with SELinux running. Here is my booleans file for SELinux:

httpd_enable_cgi=1
httpd_enable_homedirs=1
httpd_enable_tcp=1
httpd_ssi_exec=1
httpd_builtin_scripting=1
named_write_master_zones=0
httpd_unified=1
httpd_tty_comm=1
allow_execmod=1
allow_execmem=1

Last edited by cojo; 11-20-2005 at 06:39 PM..
Old 11-20-2005, 04:29 PM   #2
macemoneta
Here's the process (as root):

1. Set your system to permissive mode:

setenforce 0

2. Use Squirrelmail as thoroughly as possible (try out all the features and functions).

3. Install the policy source:

yum -y install selinux-policy-targeted-sources

4. Run the command:

audit2allow -l -i /var/log/messages >> /etc/selinux/targeted/src/policy/domains/misc/local.te

5. Rebuild your local policy:

/usr/bin/make -C /etc/selinux/targeted/src/policy/ reload

6. Re-enable enforcing mode:

setenforce 1
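The audit2allow step in post #2 turns every AVC denial it reads from /var/log/messages into an allow rule, so it pays to review what is about to be appended to local.te. The following is an added example, not part of the thread and not audit2allow's own code: a simplified Python parser for the denial format cojo posted that groups denials into candidate allow rules and can filter them by `comm`. Only the first sample log line comes from the thread; the others are constructed.

```python
import re
from collections import defaultdict

# First line is the denial quoted in the thread; the other three are constructed.
SAMPLE_LOG = '''\
Nov 19 20:40:44 mail kernel: audit(1132454444.934:107): avc: denied { connect } for pid=3697 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=tcp_socket
Nov 19 20:41:10 mail kernel: audit(1132454470.120:108): avc: denied { connect } for pid=3702 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=tcp_socket
Nov 19 20:41:30 mail kernel: audit(1132454490.555:109): avc: denied { read write } for pid=4021 comm="ntpd" name="drift" scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:etc_t tclass=file
Nov 19 20:42:00 mail sendmail[4100]: constructed non-audit line
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")

def parse_avc(line):
    """Parse one syslog AVC denial; return None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    if not all(k in kv for k in ("scontext", "tcontext", "tclass")):
        return None
    return {
        "perms": set(m.group("perms").split()),
        "comm": kv.get("comm", "").strip('"'),
        # A context is user:role:type[:level]; the type is the third field.
        "source": kv["scontext"].split(":")[2],
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
    }

def proposed_rules(log_text, comm=None):
    """Map each candidate allow rule to its denial count, optionally for one comm."""
    perms, hits = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None or (comm and d["comm"] != comm):
            continue
        key = (d["source"], d["target"], d["tclass"])
        perms[key] |= d["perms"]
        hits[key] += 1
    rules = {}
    for (src, tgt, cls), p in perms.items():
        names = " ".join(sorted(p))
        names = "{ " + names + " }" if len(p) > 1 else names
        target = "self" if tgt == src else tgt
        rules[f"allow {src} {target}:{cls} {names};"] = hits[(src, tgt, cls)]
    return rules

if __name__ == "__main__":
    for rule, n in proposed_rules(SAMPLE_LOG, comm="httpd").items():
        print(f"{n:3d}  {rule}")
```

Comparing the filtered result with an unfiltered `proposed_rules(SAMPLE_LOG)` shows which rules come from processes other than the one being fixed; those are the ones to question before they go into local.te.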
Old 11-20-2005, 05:51 PM   #3
cojo
Member
 
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 251
Thanked: 0

Original Poster
macemoneta,

Thanks for your reply. I was able to get my Squirrelmail to work with your instructions.

John