Hello everyone,
I’ve been attempting over the last few days to get RT running with
selinux enabled on a FC3 box. At the moment, the web interface is up,
but auto replies aren’t being emailed.
I’ve been trying to sort this out with Colin Walters on the Fedora
SElinux mailing list. After the last bit of denial messages from
selinux, Colin had a question. But, I can’t answer it because I don’t
know enough about the innards of RT. Here’s a link to my post (part way
through the thread):
https://www.redhat.com/archives/fedora-selinux-list/2005-
February/msg00008.html
And here is Colin’s question:
—start—
avc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:var_spool_t tclass=diravc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
tcontext=system_u:object_r:var_spool_t tclass=dir
Hmmm. Surely the SendEmail.pm perl module doesn’t scribble on the
postfix queue directly; I don’t think that’s supported.
—end—
So, can anyone answer that question/statement?
I would like to get RT working with SElinux enabled instead of turning
it off. Since SElinux isn’t going away, fixing the SElinux policies is
the preferred solution. It’ll benefit the entire RT community.
Regards,
Ranbir
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com