Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql




thanks.

On 04/26/2017 08:55 AM, Phoenix, Merka wrote:
Robert,

in regards to your Postfix and Dovecot issue with MySQL and SELinux,

Apr 26 01:25:45 z9m9z dovecot: dict: Error:
mysql(/var/lib/mysql/mysql.sock): Connect failed to database
(postfix): Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
Apr 26 01:25:45 z9m9z dovecot: dict: Error: dict sql lookup failed:
Not connected to database

A Google search brought up this write-up of how William (a Red Hat engineer in Australia) faced this in 2011 and was able to solve the issue. His blog still has recent posts in 2017, so you might want to browse the "about" page and contact him directly to discuss the post.

See: http://firstyear.id.au/blog/html/2011/07/05/SELinux_for_postfix_+_dovecot.html

This page is about postfix and mysql, not dovecot and mysql. It does validate the allow that is failing on my system:

allow dovecot_t mysqld_t:unix_stream_socket connectto;


In the post referenced above, the author has a sample SELinux policy for postfix/dovecot and mysql.
While the post references an e-mail setup guide link that is no longer reachable, the policy file is still present in text.
This URL: https://mgrepl.fedorapeople.org/man_selinux/Fedora18/mysqld.html
has a good summary of the Booleans available for the MySQL SELinux policy

I have read this a number of times and it does not seem to offer any help.


For Dovecot, you will need a policy that allows the dovecot process to transition from whatever context it is currently running into the applicable context that is defined for the mysqld process (or at least some SELinux context that permits access to the socket.)

It seems that what I need is

allow dovecot_t mysqld_t:unix_stream_socket connectto;

But the policy generates errors. I will have to submit a bug report, it seems.


Simba
Engineering
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

