Bug 160386 - Unable to login using Squirrelmail
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i386 Linux
Priority: medium, Severity: high
Assigned To: Daniel Walsh
Reported: 2005-06-14 16:27 EDT by John Villalovos
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-06-15 14:34:33 EDT
Description John Villalovos 2005-06-14 16:27:27 EDT
Description of problem:

Unable to login using squirrelmail on Fedora Core 4.

How reproducible:
Always


Steps to Reproduce:
1. Attempt to login to squirrelmail
  
Actual results:
See this on webpage:
ERROR
Error connecting to IMAP server: localhost.
13 : Permission denied

Find this in /var/log/audit
type=SOCKETCALL msg=audit(1118780599.827:518614): nargs=3 a0=1d a1=9b2f374 a2=10
type=SOCKADDR msg=audit(1118780599.827:518614): saddr=0200008F7F0000010000000000000000
type=SYSCALL msg=audit(1118780599.827:518614): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfc937f0 a2=6488cd4 a3=1d items=0 pid=2067 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1118780599.827:518614): avc:  denied  { name_connect } for  pid=2067 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:pop_port_t tclass=tcp_socket



Expected results:
Should be able to login

Additional info:
This is a fresh install of Fedora Core 4
Comment 1 Daniel Walsh 2005-06-15 10:59:34 EDT
Does setting the boolean

setsebool -P httpd_can_network_connect=1

solve the problem?

Dan
Comment 2 John Villalovos 2005-06-15 13:44:11 EDT
Yes this fixes the problem.  Squirrelmail now runs.

Is this more access than Squirrelmail needs?  Just wondering, since I discovered
my old system had been compromised and I am doing a fresh install and I am a
little bit paranoid :(

Also, is there a config file that I can put the httpd_can_network_connect=1 into?

Thanks,
John
Comment 3 Daniel Walsh 2005-06-15 14:34:33 EDT
Yes, but it should not be a problem. Setting this flag allows a compromised
apache web server to connect to all ports, rather than just the http ports.

In the future, we hope to allow users to define additional ports that an app can
connect to.
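
The audit event from the description, decoded, as an added example that is not part of the original bug thread or of any Fedora tooling: it groups the records by event id, decodes the SOCKADDR `saddr` hex and extracts the AVC fields, which shows that the one access denied was `httpd_t` doing `name_connect` to the `pop_port_t` port 143 on 127.0.0.1. The function names are hypothetical, and the decoder assumes an AF_INET address logged on a little-endian host such as the reporter's i386 system.

```python
import re
import socket
import struct

# Records copied from the bug description, with the wrapped lines rejoined.
SAMPLE = """\
type=SOCKADDR msg=audit(1118780599.827:518614): saddr=0200008F7F0000010000000000000000
type=SYSCALL msg=audit(1118780599.827:518614): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfc937f0 a2=6488cd4 a3=1d items=0 pid=2067 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1118780599.827:518614): avc:  denied  { name_connect } for  pid=2067 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
"""

def decode_saddr(hex_saddr):
    """Decode an AF_INET sockaddr as logged by auditd (hypothetical helper)."""
    raw = bytes.fromhex(hex_saddr)
    family = struct.unpack("<H", raw[:2])[0]   # host order; little-endian assumed
    if family != socket.AF_INET:
        raise ValueError(f"unsupported address family {family}")
    port = struct.unpack("!H", raw[2:4])[0]    # port is in network byte order
    return socket.inet_ntoa(raw[4:8]), port

def summarize(log_text):
    """Group records by audit event id and describe each AVC denial."""
    events = {}
    for line in log_text.splitlines():
        m = re.match(r"type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)", line)
        if m:
            events.setdefault(m.group(2), {})[m.group(1)] = m.group(3)
    out = []
    for recs in events.values():
        if "AVC" not in recs:
            continue
        avc = recs["AVC"]
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', avc))
        entry = {
            "perms": re.search(r"\{ ([^}]*) \}", avc).group(1).split(),
            "source_type": fields["scontext"].split(":")[2],
            "target_type": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
            "dest": int(fields["dest"]),
            "comm": fields["comm"].strip('"'),
        }
        if "SOCKADDR" in recs:
            saddr = dict(re.findall(r"(\w+)=(\S+)", recs["SOCKADDR"]))["saddr"]
            entry["peer"] = decode_saddr(saddr)
        out.append(entry)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```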

