Dovecot quota support
- From: Paul Howarth <paul city-fan org>
- To: fedora-selinux-list redhat com
- Subject: Dovecot quota support
- Date: Fri, 12 May 2006 13:05:53 +0100
Dovecot now has quota support and it uses getmntent() to find the
mountpoints. However, it's not allowed to read /etc/mtab:

May 12 12:52:51 goalkeeper kernel: audit(1147434771.028:15131): avc:
denied { read } for pid=15788 comm="dovecot" name="mtab" dev=dm-0
ino=381458 scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:object_r:etc_runtime_t:s0 tclass=file
May 12 12:52:51 goalkeeper kernel: audit(1147434771.028:15132): avc:
denied { getattr } for pid=15788 comm="dovecot" name="mtab" dev=dm-0
ino=381458 scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:object_r:etc_runtime_t:s0 tclass=file

These getattr denials are for the three non-LVM partitions I have
(/dev/shm being the tmpfs one). The 6 LVM volumes didn't generate these:

May 12 12:52:51 goalkeeper kernel: audit(1147434771.048:15133): avc:
denied { getattr } for pid=15788 comm="dovecot" name="/" dev=hda2
ino=2 scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
May 12 12:52:51 goalkeeper kernel: audit(1147434771.048:15134): avc:
denied { getattr } for pid=15788 comm="dovecot" name="/" dev=hda1
ino=2 scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
May 12 12:52:51 goalkeeper kernel: audit(1147434771.048:15135): avc:
denied { getattr } for pid=15788 comm="dovecot" name="/" dev=tmpfs
ino=4523 scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

No big deal for me as I don't use quotas but someone will complain about
it eventually...
Paul.
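
An added example, not part of the original message: AVC denials like the ones quoted above, grouped by source type, target type and object class into candidate allow rules for policy review, similar to the summary audit2allow produces. The function names `parse_denials` and `candidate_rules` are hypothetical; the sample input is three of the denials from the message, with the mail client's line wrapping kept so the parser has to undo it.

```python
import re
from collections import defaultdict

# Sample input: three denials copied from the message above, wrapping kept.
SAMPLE = """\
May 12 12:52:51 goalkeeper kernel: audit(1147434771.028:15131): avc:
denied { read } for pid=15788 comm="dovecot" name="mtab" dev=dm-0
ino=381458 scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:object_r:etc_runtime_t:s0 tclass=file
May 12 12:52:51 goalkeeper kernel: audit(1147434771.028:15132): avc:
denied { getattr } for pid=15788 comm="dovecot" name="mtab" dev=dm-0
ino=381458 scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:object_r:etc_runtime_t:s0 tclass=file
May 12 12:52:51 goalkeeper kernel: audit(1147434771.048:15134): avc:
denied { getattr } for pid=15788 comm="dovecot" name="/" dev=hda1
ino=2 scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
"""

def parse_denials(text):
    """Return one dict per AVC denial; tolerates records wrapped across lines."""
    flat = " ".join(text.split())  # undo the line wrapping
    denials = []
    for chunk in flat.split("avc:")[1:]:
        perms = re.search(r"denied\s*\{([^}]*)\}", chunk)
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', chunk))
        if not perms or not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # granted or incomplete record: skip rather than guess
        denials.append({
            "perms": perms.group(1).split(),
            "source": fields["scontext"].split(":")[2],  # user:role:type[:level]
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        })
    return denials

def candidate_rules(denials):
    """Merge denials into allow rules for review, one per (source, target, class)."""
    merged = defaultdict(set)
    for d in denials:
        merged[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        plist = " ".join(sorted(perms))
        plist = "{ " + plist + " }" if len(perms) > 1 else plist
        rules.append(f"allow {src} {tgt}:{cls} {plist};")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(parse_denials(SAMPLE))))
```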