Tom Lisjac wrote:
I'm getting the following avc's on FC4 when starting cyrus-imapd with
selinux-policy-targeted-1.23.18-17. As a result, it can't listen on
ports 110, 143 and 993. Do I need to toggle cyrus_disable_trans to
make this daemon work?
Best regards,
-Tom
---------------------------------
From /var/log/audit/audit.log. In addition to 993, an avc is also
generated for ports 110 and 143:
type=AVC msg=audit(1120506529.586:145746): avc: denied { name_bind }
for pid=2919 comm="cyrus-master" src=993
scontext=system_u:system_r:cyrus_t tcontext=system_u:
type=SOCKETCALL msg=audit(1120506529.662:145983): nargs=3 a0=7 a1=9e18aa8 a2=10
type=SOCKADDR msg=audit(1120506529.662:145983):
saddr=0200006E000000000000000000000000
type=SYSCALL msg=audit(1120506529.662:145983): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bfc61440 a2=8054164 a3=9e18c40
items=0 pid=2919 auid=4294967295 u
... which causes the following in /var/log/messages
Jul 4 15:54:13 test master[6295]: unable to create imap listener
socket: Address family not supported by protocol
Jul 4 15:54:13 test master[6295]: unable to create imaps listener
socket: Address family not supported by protocol
Jul 4 15:54:13 test master[6295]: unable to create pop3 listener
socket: Address family not supported by protocol
Jul 4 15:54:13 test master[6295]: unable to create pop3s listener
socket: Address family not supported by protocol
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Does policy 1.24-3 fix your problem?
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
