From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4 Description of problem: fc4t3 + May 18th rawhide. Squirrelmail is not connecting to the localhost imap server with the "Error connecting to IMAP server: localhost. 13 : Permission denied" message. I have dovecot running and working. I can telnet to port 143. Nothing is logged anywhere that I can find. Not /var/log/audit/audit.log, /var/log/maillog, or /var/log/messages. It doesn't appear that squirrelmail is actually making an imap connection to localhost because when I make a connection by hand with telnet, it gets logged. After a "setenforce 0", squirremail gets past the permission denied error but then it eventually reports a "ERROR: ERROR : Connection dropped by imap-server." The imap server logs May 19 08:46:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1] May 19 08:47:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1] May 19 08:48:15 wintermute imap-login: Disconnected: Inactivity [::ffff:127.0.0.1] I've been reloading firefox for the last 20 minutes and in that time, I've have had some successful squirrelmail output (it once showed me by inbox index) but the other 99% have been imap timeouts. Using evolution via imap is working fine. Version-Release number of selected component (if applicable): selinux-policy-targeted-1.23.16-1, squirrelmail-1.4.4-2 How reproducible: Always Steps to Reproduce: 1. install necessary squirrelmail components 2. try to login from the sm web page 3. Actual Results: above reported failure Expected Results: sm should come up and allow me to read mail. Additional info:
OK, to clear things up a bit, if I "setenforce 0" and restart dovecot, squirrelmail works normally. With enforcing enabled, squirrelmail reports the permission denied error and can't make an imap connection. Nothing is logged as to why even though it's clearly an selinux problem. I have audit-0.8.1 installed (bug #158011).
Did you look in /var/log/audit/audit.log? Dan
As I said before, nothing is logged anywhere I can find. Not in the audit log or messages or dmesg or maillog or anywhere. Other things are logging to the audit log fine.
Ok, do you have policy sources in stalled? Please try cd /etc/selinux/targeted/src/policy make enableaudit; make load Then try the connection and see if you get audit messages. Dan
That helped: type=AVC msg=audit(1117130474.312:7160534): avc: denied { name_connect } for pid=4126 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:pop_port_t tclass=tcp_socket type=SYSCALL msg=audit(1117130474.312:7160534): arch=c000003e syscall=42 success=no exit=-13 a0=13 a1=555556004b38 a2=10 a3=42960eea items=0 pid=4126 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd" type=SOCKADDR msg=audit(1117130474.312:7160534): saddr=0200008F7F0000010000000000000000
Does setting the boolean httpd_can_network_connect fix the problem? setsebool -P httpd_can_network_connect=1
I had a similar problem with squirrelmail / dovecot The error message in "messages" says: Jun 20 19:13:22 HomeServer kernel: audit(1119287602.556:0): avc: denied { connect } for pid=2949 exe=/usr/sbin/httpd scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t tclass=tcp_socket I have tried settig the boolean as described, and that solved the problem for me.
Is php5 that comnes with FC4 compiled with imap abilities? if not you problem may be found here.