Still having problems with SELinux and Dovecot

Mark Evers beheer at net-care.nl
Wed Dec 14 22:16:30 UTC 2005


----- Original Message ----- 
From: "Daniel J Walsh" <dwalsh at redhat.com>
To: "Mark Evers" <beheer at net-care.nl>
Sent: Wednesday, December 14, 2005 11:14 PM
Subject: Re: Still having problems with SELinux and Dovecot


> Mark Evers wrote:
>> The file was created by a regular "yum install dovecot", and I altered it 
>> later using nano.
>> The weird thing is, when it runs it keeps running; sometimes when I 
>> reboot it isn't blocked by SELinux, but most times it is.
>>
>> I just did the "restorecon /etc/dovecot.conf" and rebooted and it started 
>> fine
>>
>>> Basically its context is wrong. Should be dovecot_etc_t, not 
>>> etc_runtime_t.
>>
>> Errrr??
>>
>>
>> ----- Original Message ----- From: "Daniel J Walsh" <dwalsh at redhat.com>
>> To: "Mark Evers" <beheer at net-care.nl>
>> Cc: <fedora-selinux-list at redhat.com>
>> Sent: Wednesday, December 14, 2005 10:51 PM
>> Subject: Re: Still having problems with SELinux and Dovecot
>>
>>
>>> Mark Evers wrote:
>>>> Well, I still have problems with SELinux and Dovecot; when I do a 
>>>> reboot I get an error
>>>> Starting Dovecot Imap: Fatal: Can't open configuration file 
>>>> /etc/dovecot.conf: Permission denied
>>>>  and in the audit.log I find this error
>>>>  type=AVC msg=audit(1134595859.843:208): avc:  denied  { read } for 
>>>> pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586 
>>>> scontext=system_u:system_r:dovecot_t 
>>>> tcontext=system_u:object_r:etc_runtime_t tclass=file
>>>> type=SYSCALL msg=audit(1134595859.843:208): arch=40000003 syscall=5 
>>>> success=no exit=-13 a0=8058a3e a1=8000 a2=0 a3=8000 items=1 pid=26990 
>>>> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
>>>> comm="dovecot" exe="/usr/sbin/dovecot"
>>>> type=CWD msg=audit(1134595859.843:208): 
>>>> cwd="/usr/libexec/webmin/dovecot"
>>>> type=PATH msg=audit(1134595859.843:208): item=0 
>>>> name="/etc/dovecot.conf" flags=101  inode=197586 dev=fd:00 mode=0100644 
>>>> ouid=0 ogid=0 rdev=00:00
>>>>  I can only fix this by doing a "fixfiles relabel" and "touch 
>>>> ./autorelabel" and then it works again, till the next reboot..
>>>>  Is there a way to fix this? or is there a way to exclude dovecot from 
>>>> SELinux??
>>>>
>>> restorecon /etc/dovecot.conf
>>>
>>> How does that file get created?  Is it being created by an init script?
>>>
>>> Basically its context is wrong. Should be dovecot_etc_t, not 
>>> etc_runtime_t.
>>>
> Well watch that file context and make sure no init script is replacing 
> that file.

I'll keep an eye on it, thanks.

>>>> Mark Evers
More information about the fedora-selinux-list mailing list
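
The check discussed in the thread, as an added example that is not part of the original messages or of any Fedora or Dovecot tooling: it pulls the target type out of AVC denials for a daemon and reports files whose label differs from the expected one, and it records inode plus context so a replaced file shows up. The function names are this example's own, and `label_snapshot` assumes GNU `stat` on an SELinux-enabled host.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_AVC is the AVC record quoted in
# the thread, joined onto one line; all function names are this example's own.
SAMPLE_AVC='type=AVC msg=audit(1134595859.843:208): avc:  denied  { read } for pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:etc_runtime_t tclass=file'

# avc_field RECORD KEY: print the value of KEY=value from one audit record,
# with surrounding double quotes removed.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# context_type CONTEXT: print the type, i.e. the third colon-separated field.
# Works for user:role:type (as in the thread) and user:role:type:level.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# wrong_label_denials COMM EXPECTED_TYPE: read audit records on stdin and
# print "name inode type" for every denial against COMM on a file whose
# target type is not EXPECTED_TYPE.
wrong_label_denials() {
    while IFS= read -r rec; do
        case "$rec" in *"avc:"*denied*) ;; *) continue ;; esac
        [ "$(avc_field "$rec" comm)" = "$1" ] || continue
        [ "$(avc_field "$rec" tclass)" = "file" ] || continue
        ttype=$(context_type "$(avc_field "$rec" tcontext)")
        [ "$ttype" = "$2" ] || printf '%s %s %s\n' "$(avc_field "$rec" name)" "$(avc_field "$rec" ino)" "$ttype"
    done
}

# label_snapshot FILE: print "inode context" for FILE. Save the output before
# a reboot and compare afterwards: a different inode means the file was
# replaced rather than edited in place; a different context means relabelled.
label_snapshot() {
    stat -c '%i %C' "$1"
}

# Demo on the record from the thread: prints "dovecot.conf 197586 etc_runtime_t"
wrong_label_denials dovecot dovecot_etc_t <<EOF
$SAMPLE_AVC
EOF
```

On a live system the same function can be fed `/var/log/audit/audit.log`, and the inode it prints can be compared with the first field of `label_snapshot /etc/dovecot.conf`.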