From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.7.5) Gecko/20041110 Firefox/1.0 Description of problem: SELinux doesn't allow Squirrelmail to send email. Squirrelmail behaves as if the mail was sent (including storing the sent mail) but mail is not sent. This is similar to bug 138630 which was fixed. I' don't know if this was broken by an update to SELinux or if it's specific to me now using an x86-64 machine. Version-Release number of selected component (if applicable): 1.17.30-2.68 How reproducible: Always Steps to Reproduce: 1.Compose and send an email with squirrelmail Actual Results: Email is not sent and SELinux generates messages log files. Expected Results: Email should be sent. Additional info:
Created attachment 109542 [details] SELinux messages sent to syslog
The problem is that your system is not labeled correctly. The best way to fix this is to touch /.autorelabel reboot Which will clean up the labels. Squirrelmail was fixed after the release of FC3, so you have to relabel. Dan
It made things worse! No I can't log in to squirrelmail without "setenfdorce 0". The other errors are still present.
I do not know how you generated the AVC message log that you attached. Can you just attach the output of grep -i avc /var/log/messages Do you have selinux-policy-targeted-sources installed? If yes can you do a make -C /etc/selinux/targeted/src/policy load Dan
Created attachment 109595 [details] SELinux messages from /var/log/messages The previous log message were from /var/log/messages with the timestamps removed. > Do you have selinux-policy-targeted-sources installed? Yes. > If yes can you do a > make -C /etc/selinux/targeted/src/policy load Ran without error. This log I'm attaching has two bits in it: the first two messages are from logging in to Squirrelmail, the rest are from trying to send mail.
Ok the problem is that httpd is not transitioning to system_mail_t. ls -lZ /usr/sbin/sendmail.sendmail should show that sendmail is marked as system_u:object_r:sendmail_exec_t It also looks like ls -ladZ /var/spool/mqueue is labeled incorrectly should be system_u:object_r:mqueue_spool_t So I believe your system did not relabel correctly. Dan
You may be right about not doing the relabel correctly. I've just redone the "touch /.autorelabel; reboot" (that's the second relabel today) and both /usr/sbin/sendmail.sendmail and /var/spool/mqueue now have the labels mentioned above (they didn't before). Squirrelmail now works. Cheers.