Dovecot and FC4 -> FC5 upgrade problem -> SElinux

Jouni Viikari jouni at viikarit.com
Sun Mar 26 10:36:38 UTC 2006


I found the Dovecot problem to be an SELinux configuration problem.  When
trying to connect to the mailserver I saw in /var/log/audit/audit.log:

type=AVC msg=audit(1143334018.770:1989): avc:  denied  { getattr } for
pid=15305 comm="imap" name="inotify" dev=inotifyfs ino=309
scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
type=AVC msg=audit(1143368097.136:5486): avc:  denied  { read } for
pid=1758 comm="imap" name="inotify" dev=inotifyfs ino=309
scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

Doing the audit2allow; semodule thing I was able to make Dovecot work.

However, using Webmail required taking care of an extra denial:

type=AVC msg=audit(1143368466.704:5522): avc:  denied  { name_connect }
for  pid=26894 comm="httpd" dest=143 scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket

The question still is what to do to make the new FC5 installation, as far
as SELinux is concerned, like it would have been after a fresh install
instead of an FC4 upgrade.  Or what caused these denials?  During the first
boot after the upgrade the system did an automatic relabeling.

Also, how should I make the loading of these manually made modules automatic
across reboots if I have to keep these (or something similar)?

I could not find answers to these on the otherwise excellent
http://danwalsh.livejournal.com/2213.html pages.  (Issues related to
upgrading from a previous FC & SELinux)

TIA, Jouni
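
The following is an added example, not part of the original post and not audit2allow's own code. It is a small Python parser (the function names are hypothetical) that re-joins the mail-wrapped AVC records quoted above and groups them into the allow rules a local policy module would grant, so they can be reviewed before the module is loaded.

```python
import re
from collections import defaultdict

# The three denials quoted in the post, with the mail client's line wrapping kept.
SAMPLE = """\
type=AVC msg=audit(1143334018.770:1989): avc:  denied  { getattr } for
pid=15305 comm="imap" name="inotify" dev=inotifyfs ino=309
scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
type=AVC msg=audit(1143368097.136:5486): avc:  denied  { read } for
pid=1758 comm="imap" name="inotify" dev=inotifyfs ino=309
scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
type=AVC msg=audit(1143368466.704:5522): avc:  denied  { name_connect }
for  pid=26894 comm="httpd" dest=143 scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
                    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def split_records(text):
    """Re-join wrapped lines: one record runs until the next 'type=' line."""
    records, cur = [], []
    for line in text.splitlines():
        if line.startswith("type=") and cur:
            records.append(" ".join(cur))
            cur = []
        if line.strip():
            cur.append(line.strip())
    return records + ([" ".join(cur)] if cur else [])

def allow_rules(text):
    """Group denials by (source type, target type, class) and emit allow rules."""
    grouped = defaultdict(set)
    for rec in split_records(text):
        m = AVC_RE.search(rec)
        if not m:
            continue  # not an AVC denial record
        # A context is user:role:type[:level]; policy rules use only the type.
        key = (m["s"].split(":")[2], m["t"].split(":")[2], m["cls"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules
```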



