Bug 488275 - Selinux prevents squirrelmail from connecting to dovecot
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2009-03-03 11:18 EST by Zbysek MRAZ
Modified: 2013-07-03 09:08 EDT
Last Closed: 2009-03-03 11:28:33 EST
Description Zbysek MRAZ 2009-03-03 11:18:31 EST
Description of problem:
ERROR: Error connecting to IMAP server "localhost:143".Server error: (13) Permission denied

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.6-6.fc11.noarch
dovecot-1.1.11-1.fc11.x86_64
squirrelmail-1.4.17-2.fc11.noarch
httpd-2.2.11-6.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Set up a working squirrelmail configuration with defaults for sendmail/smtp
2. Go to http://whatever/webmail/src/configtest.php
  
Actual results:
You can see on the page:
ERROR: Error connecting to IMAP server "localhost:143".Server error: (13) Permission denied

and in audit.log:
type=SYSCALL msg=audit(1236096260.897:449): arch=c000003e syscall=42 success=no exit=2024054744 a0=c a1=7f9030eafc38 a2=10 a3=40 items=0 ppid=22914 pid=22919 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=35 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1236096260.897:449): avc:  denied  { name_connect } for  pid=22919 comm="httpd" dest=143 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket


Expected results:
No selinux error, squirrelmail can connect to dovecot, no error on configtest.php page
Comment 1 Daniel Walsh 2009-03-03 11:28:33 EST
audit2allow -w -i /tmp/t
avc:  denied  { name_connect } for pid=22919 comm="httpd" dest=143 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket 

	Was caused by:
	One of the following booleans was set incorrectly.
	Description:
	Allow http daemon to send mail

	Allow access by executing:
	# setsebool -P httpd_can_sendmail 1
	Description:
	Allow HTTPD scripts and modules to connect to the network

	Allow access by executing:
	# setsebool -P httpd_can_network_connect 1


Setroubleshoot should have told you something similar.
