Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql




On Tuesday 25 April 2017 at 10:04 +0200, Robert Moskowitz wrote:
> I thought I had this fixed, but I do not.  I was away from this problem 
> working on other matters, and came back (after a reboot) and it is still 
> there, so I suspect when I thought I had it 'fixed' I was running with 
> setenforce 0 from another problem (that is fixed).
> 
> So anyone know how to get dovecot dict connecting to mysql when 
> enforcing?  Googling is not finding any real help.

Hi,

I’ve got some « tweaking » here (using postgresql, obviously) so that
dovecot runs properly with SELinux enabled,

HTH,
Laurent.

module mydovecot 1.0;

require {
        type dovecot_auth_t;
        type postgresql_port_t;
        type dovecot_t;
        type var_t;
        type postfix_virtual_tmp_t;
        class tcp_socket name_connect;
        class file { rename read lock create write getattr link unlink open append };
        class dir { read write create add_name remove_name };
}

#============= dovecot_auth_t ==============

#!!!! This avc is allowed in the current policy
allow dovecot_auth_t postgresql_port_t:tcp_socket name_connect;

#============= dovecot_t ==============

#!!!! This avc is allowed in the current policy
allow dovecot_t postfix_virtual_tmp_t:file { rename write unlink open link };
allow dovecot_t var_t:dir create;

#!!!! This avc is allowed in the current policy
allow dovecot_t var_t:dir { read write add_name remove_name };

#!!!! This avc is allowed in the current policy
allow dovecot_t var_t:file { rename read lock create write getattr link unlink open append };

-- 
Laurent Wandrebeck <l.wandrebeck@xxxxxxxxxxxxxxx>

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



