From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.7.5)
Description of problem:
SELinux doesn't allow Squirrelmail to send email. Squirrelmail behaves
as if the mail was sent (including storing the sent mail) but mail is
not sent. This is similar to bug 138630 which was fixed. I' don't know
if this was broken by an update to SELinux or if it's specific to me
now using an x86-64 machine.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Compose and send an email with squirrelmail
Actual Results: Email is not sent and SELinux generates messages log
Expected Results: Email should be sent.
Created attachment 109542 [details]
SELinux messages sent to syslog
The problem is that your system is not labeled correctly. The best
way to fix this is to
Which will clean up the labels. Squirrelmail was fixed after the
release of FC3, so you have to relabel.
It made things worse! No I can't log in to squirrelmail without
"setenfdorce 0". The other errors are still present.
I do not know how you generated the AVC message log that you attached.
Can you just attach the output of
grep -i avc /var/log/messages
Do you have selinux-policy-targeted-sources installed?
If yes can you do a
make -C /etc/selinux/targeted/src/policy load
Created attachment 109595 [details]
SELinux messages from /var/log/messages
The previous log message were from /var/log/messages with the timestamps
> Do you have selinux-policy-targeted-sources installed?
> If yes can you do a
> make -C /etc/selinux/targeted/src/policy load
Ran without error.
This log I'm attaching has two bits in it: the first two messages are from
logging in to Squirrelmail, the rest are from trying to send mail.
Ok the problem is that httpd is not transitioning to system_mail_t.
ls -lZ /usr/sbin/sendmail.sendmail
should show that sendmail is marked as system_u:object_r:sendmail_exec_t
It also looks like
ls -ladZ /var/spool/mqueue
is labeled incorrectly
should be system_u:object_r:mqueue_spool_t
So I believe your system did not relabel correctly.
You may be right about not doing the relabel correctly. I've just
redone the "touch /.autorelabel; reboot" (that's the second relabel
today) and both /usr/sbin/sendmail.sendmail and /var/spool/mqueue now
have the labels mentioned above (they didn't before). Squirrelmail now