I'm trying to setup the squirrelmail gpg plugin to sign messages on FC6,
fully updated. (I normally use Claws-Mail, but sometimes need webmail
when traveling.) With selinux in enforcing mode, I always get a "bad
passphrase" message from the plugin, though it works fine with selinux in
permissive mode (and I can send without signing in enforcing mode). I'm
seeing messages in the audit.log like:
type=AVC msg=audit(1176227136.350:36646): avc: denied { setrlimit } for
pid=3 0752 comm="gpg" scontext=root:system_r:httpd_sys_script_t:s0
tcontext=root:system_r:httpd_sys_script_t:s0 tclass=process
type=SYSCALL msg=audit(1176227136.350:36646): arch=40000003 syscall=75
success=n o exit=-13 a0=4 a1=bff6078c a2=88bff4 a3=800c0cbb items=0
ppid=30750 pid=30752 a uid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48
egid=48 sgid=48 fsgid=48 tty=(none) comm="gpg" exe="/usr/bin/gpg"
subj=root:system_r:httpd_sys_script_t:s0 key=(nul l)
I haven't found anything on this on the web and I assume I'm not the only
person trying to do this, so I must have messed up some configuration.
I've tried changing the values of various http-related booleans without
success, but I don't understand selinux very well. I'd be grateful for
any suggestions.
Thanks,
George
Attachment:
signature.asc
Description: PGP signature
