On Thursday 17 February 2005 02:21, "Hongwei Li" <hongwei@xxxxxxxxx> wrote:
> The problem is the SquirrelCheck in squirrelmail does not work when
> selinux is enforced (targeted). If I click "Check Spelling" in
> squirrelmail's Compose windows, it does not do any spell checking and the
> system log shows:
>
> Feb 16 09:07:25 pippo kernel: audit(1108566445.074:0): avc: denied {
> search } for pid=7899 exe=/bin/cat name=spool dev=hda3 ino=470497
> scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
Currently we don't have policy for Squirrelmail. One option is to enable
httpd_disable_trans, this means that SE Linux does not restrict Apache and
child processes but will restrict other daemons. Another option is to grant
httpd_sys_script_t the access to do the things it wants, this isn't ideal and
isn't what we will do for proper squirrelmail policy, but will solve your
problems.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
