Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

On 04/26/2017 08:04 AM, Gordon Messmer wrote:
On 04/25/2017 10:29 PM, Robert Moskowitz wrote:
Did not work. It was set off, so I turned it on and tried it out. Got the same errors:

Apr 26 01:25:45 z9m9z dovecot: dict: Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry

OK. Re-install the policy, "tail -f /var/log/audit/audit.log" and then try to use dovecot. You're looking for an AVC. What do you see?

This takes two SSH connections for testing. No AVC. See end for the messages.


You would think that the mysql people would have a boolean to allow specific apps to access the socket.

That's not how SELinux works. The policy on mysql doesn't control what clients do. The clients have their own policies (or don't, many apps run unconfined).

So many of the howtos for this kind of set up call for disabling SELinux. Perhaps this is why...

Here are the messages:

type=SYSCALL msg=audit(1493187952.091:28323): arch=40000028 syscall=11 per=800000 success=yes exit=0 a0=45388b0 a1=35ead30 a2=5264b40 a3=100 items=0 ppid=7341 pid=11879 auid=4294967295 uid=994 gid=991 euid=994 suid=994 fsuid=994 egid=991 sgid=991 fsgid=991 tty=(none) ses=4294967295 comm="file" exe="/usr/bin/file" subj=system_u:system_r:init_t:s0 key=(null)
type=PROCTITLE msg=audit(1493187952.091:28323): proctitle=2F7573722F62696E2F66696C650070303031
type=ANOM_ABEND msg=audit(1493187955.055:28324): auid=4294967295 uid=97 gid=97 ses=4294967295 subj=system_u:system_r:dovecot_t:s0 pid=11893 comm="dict" exe="/usr/libexec/dovecot/dict" sig=6
type=USER_ACCT msg=audit(1493187961.642:28325): pid=11895 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1493187961.645:28326): pid=11895 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1493187961.653:28327): pid=11895 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3927 res=1
type=USER_START msg=audit(1493187961.910:28328): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1493187961.922:28329): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1493187962.135:28330): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1493187962.148:28331): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=SELINUX_ERR msg=audit(1493188004.599:28332): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:unconfined_service_t:s0
type=SYSCALL msg=audit(1493188004.599:28332): arch=40000028 syscall=11 per=800000 success=yes exit=0 a0=45388b0 a1=522fe00 a2=5266cf0 a3=100 items=0 ppid=7342 pid=11918 auid=4294967295 uid=994 gid=991 euid=994 suid=994 fsuid=994 egid=991 sgid=991 fsgid=991 tty=(none) ses=4294967295 comm="file" exe="/usr/bin/file" subj=system_u:system_r:init_t:s0 key=(null)
type=PROCTITLE msg=audit(1493188004.599:28332): proctitle=2F7573722F62696E2F66696C650070303031
type=ANOM_ABEND msg=audit(1493188006.218:28333): auid=4294967295 uid=97 gid=97 ses=4294967295 subj=system_u:system_r:dovecot_t:s0 pid=11921 comm="dict" exe="/usr/libexec/dovecot/dict" sig=6
type=USER_ACCT msg=audit(1493188021.284:28334): pid=11923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1493188021.289:28335): pid=11923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1493188021.293:28336): pid=11923 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3928 res=1
type=USER_START msg=audit(1493188021.528:28337): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1493188021.532:28338): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1493188021.734:28339): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1493188021.746:28340): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
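
Added example (not part of the original messages and not any poster's code): a Python triage of run-together audit text like the log above, keeping only SELinux decisions (AVC, SELINUX_ERR) and abnormal exits of processes in the dovecot_t domain. `THREAD_LOG` holds records copied from the message; `CONSTRUCTED_AVC` is a made-up record showing only the general shape of an AVC denial, and the function names are this example's own.

```python
import re

# Records copied from the message above, run together as the archive shows them.
THREAD_LOG = (
    'type=SELINUX_ERR msg=audit(1493188004.599:28332): op=security_bounded_transition '
    'seresult=denied oldcontext=system_u:system_r:init_t:s0 '
    'newcontext=system_u:system_r:unconfined_service_t:s0 '
    'type=PROCTITLE msg=audit(1493188004.599:28332): '
    'proctitle=2F7573722F62696E2F66696C650070303031 '
    'type=ANOM_ABEND msg=audit(1493188006.218:28333): auid=4294967295 uid=97 gid=97 '
    'ses=4294967295 subj=system_u:system_r:dovecot_t:s0 pid=11921 comm="dict" '
    'exe="/usr/libexec/dovecot/dict" sig=6 '
    'type=LOGIN msg=audit(1493188021.293:28336): pid=11923 uid=0 '
    'subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 '
    'tty=(none) old-ses=4294967295 ses=3928 res=1'
)
# Constructed (NOT from the thread): the general shape of an AVC denial record.
CONSTRUCTED_AVC = (
    'type=AVC msg=audit(1500000000.000:1): avc:  denied  { connectto } for  pid=1234 '
    'comm="dict" scontext=system_u:system_r:dovecot_t:s0 '
    'tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket'
)

# A record runs from its "type=X msg=audit(ts:serial):" header to the next header.
RECORD = re.compile(r'type=([A-Z_]+) msg=audit\([\d.]+:(\d+)\):\s*'
                    r'(.*?)(?=\s*type=[A-Z_]+ msg=audit\(|\s*\Z)', re.S)
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse(text):
    """Split run-together audit text into (type, serial, fields, body) records."""
    for rtype, serial, body in RECORD.findall(text):
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        yield rtype, int(serial), fields, body

def selinux_findings(text, domain="dovecot_t"):
    """Keep SELinux decisions and abnormal exits of processes running in `domain`."""
    hits = []
    for rtype, serial, f, body in parse(text):
        if rtype == "AVC":
            m = re.search(r'\{ ([^}]*) \}', body)  # permission set inside the braces
            hits.append((serial, rtype, f"{m.group(1) if m else '?'} "
                         f"{f.get('scontext')} -> {f.get('tcontext')}"))
        elif rtype == "SELINUX_ERR":
            hits.append((serial, rtype, body))
        elif rtype == "ANOM_ABEND" and f":{domain}:" in f.get("subj", ""):
            hits.append((serial, rtype, f"{f.get('comm')} killed by signal {f.get('sig')}"))
    return hits

def decode_proctitle(hexstr):
    """PROCTITLE is hex-encoded when argv holds NUL separators; split on them."""
    return bytes.fromhex(hexstr).decode(errors="replace").split("\0")
```

When no AVC is logged at all, dontaudit rules may be hiding the denial; `semodule -DB` rebuilds the policy with them disabled and `semodule -B` restores them.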


