Chapter 2. SELinux Configuration

Before you can use SquirrelMail on EnGarde Secure Linux (in Enforcing mode) you'll need to toggle a boolean which allows the Apache webserver to communicate with the mail server ports. You may skip this section if you are not running your machine in Enforcing mode.

The first thing you need to do is transition over to sysadm_r and see what the current setting is:

[root@machine]# newrole -r sysadm_r
Authenticating root.
[root@machine]# sestatus -b | grep httpd_webmail
httpd_webmail                inactive

In the example above the httpd_webmail boolean is inactive (the default). Activate this boolean either in WebTool or use the setsebool command to enable this boolean:

[root@machine]# setsebool httpd_webmail true
[root@machine]# sestatus -b | grep httpd_webmail
httpd_webmail                active

When this boolean is active SquirrelMail will be able to properly function.

Please note that this change will only survive until the next reboot. To make your change permanent (and persistent across reboots) open the file /etc/selinux/engarde/booleans in your favorite text editor, locate the httpd_webmail line, and change the 0 (inactive) to a 1 (active).

SquirrelMail will now properly work on EnGarde Secure Linux in Enforcing mode.