Hi folks! I've just installed the php based Horde Application Suite (http://horde.org) on a Fedora Core 3. Everything is working great with the targeted policy and SELinux enabled except for a small problem with spell checking in the Imp webmail app. The spell checker passes the text to aspell using a temporary file in /tmp. The targeted policy prohibits "http scripts" from using the /tmp directory... so aspell runs but doesn't return any results. If I disable SELinux, it works fine... but since this server will be running in a hostile environment, I'd rather not. I could also add: allow httpd_sys_script_t httpd_tmp_t:file { getattr read }; ... to the targeted policy, but I'd prefer not modify it or open this directory up to other less trustworthy scripts that may eventually run on the system. I've thought about creating a separate directory and rule for this app and operation... but I can't help but wonder if there's better approach for resolving this problem? Any suggestions would be greatly appreciated! Thanks, -Tom
