[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Odd problem with dovecot

From: Chris Adams <cmadams hiwaay net>
To: Daniel J Walsh <dwalsh redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: Odd problem with dovecot
Date: Tue, 6 May 2008 13:15:12 -0500

Once upon a time, Daniel J Walsh <dwalsh redhat com> said:
> Chris Adams wrote:
> > What is odd is that it fails when SELinux is in enforcing mode, but not
> > in permissive, BUT I don't get any errors when it fails (e.g. no
> > "denied" messages in the kernel or audit logs).
> semodule -DB
> 
> will turn on all dontaudit rules.

Sorry, I should have been more specific: this is on RHEL 5, which does
not appear to have the -D option.

However, looking at the dontaudit rules with sesearch (I wasn't aware of
either dontaudit rules or the sesearch command before), I found the
problem.  The top-level directory was still default_t, and there's a
"dontaudit dovecot_t default_t : dir { ioctl read gettr lock search };"
rule.

I changed that top-level directory and all is well.  Thanks.
-- 
Chris Adams <cmadams hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

References:
- Odd problem with dovecot
  - From: Chris Adams
- Re: Odd problem with dovecot
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]