Red Hat Bugzilla – Bug 480079
insufficient policy for SquirrelMail
Last modified: 2009-01-15 10:54:36 EST
I have SquirrelMail installed and this is a webmail interfaces. It doesn't work with standard selinux configuration, because in order to work it needs to connect to imap and smtp port ports for mail receiving/sending.
It can be bypassed by setting httpd_can_network_connect --> on, but I think it's too permissive.
I added these rules to my local policy:
allow httpd_t pop_port_t:tcp_socket name_connect;
allow httpd_t smtp_port_t:tcp_socket name_connect;
Does it work if you set
It does, my bad.
In my defense, httpd_selinux(8) description of this boolean mentions only sendmail invocation and in this case httpd doesn't actually call sendmail.
No problem, we are having a doc writer review all of the services documentation so things like this hopefully will become clearer.