
Dovecot quota support



Dovecot now has quota support and it uses getmntent() to find the mountpoints. However, it's not allowed to read /etc/mtab:

May 12 12:52:51 goalkeeper kernel: audit(1147434771.028:15131): avc: denied { read } for pid=15788 comm="dovecot" name="mtab" dev=dm-0 ino=381458 scontext=user_u:system_r:dovecot_t:s0 tcontext=user_u:object_r:etc_runtime_t:s0 tclass=file
May 12 12:52:51 goalkeeper kernel: audit(1147434771.028:15132): avc: denied { getattr } for pid=15788 comm="dovecot" name="mtab" dev=dm-0 ino=381458 scontext=user_u:system_r:dovecot_t:s0 tcontext=user_u:object_r:etc_runtime_t:s0 tclass=file

These getattr denials are for the three non-LVM partitions I have (/dev/shm being the tmpfs one). The 6 LVM volumes didn't generate these:

May 12 12:52:51 goalkeeper kernel: audit(1147434771.048:15133): avc: denied { getattr } for pid=15788 comm="dovecot" name="/" dev=hda2 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
May 12 12:52:51 goalkeeper kernel: audit(1147434771.048:15134): avc: denied { getattr } for pid=15788 comm="dovecot" name="/" dev=hda1 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir
May 12 12:52:51 goalkeeper kernel: audit(1147434771.048:15135): avc: denied { getattr } for pid=15788 comm="dovecot" name="/" dev=tmpfs ino=4523 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

No big deal for me as I don't use quotas but someone will complain about it eventually...

Paul.

