Re: Still having problems with SELinux and Dovecot

["Mark Evers" <beheer@xxxxxxxxxxx>]

----- Original Message ----- 
From: "Daniel J Walsh" <dwalsh@xxxxxxxxxx>
To: "Mark Evers" <beheer@xxxxxxxxxxx>
Sent: Wednesday, December 14, 2005 11:14 PM
Subject: Re: Still having problems with SELinux and Dovecot


> Mark Evers wrote:
> > The file was created by a regular "yum install dovecot", and i altered it 
> > later using nano
> > The weard thing is, when it runs it keeps running, sometimes when i 
> > reboot it isn't blocked by SELinux, but most times it is.
> >
> > I just did the "restorecon /etc/dovecot.conf" and rebooted and it started 
> > fine
> >
> > > Basically its context is wrong, Should be dovecot_etc_t  not 
> > > etc_runtime_t.
> >
> > Errrr??
> >
> >
> > ----- Original Message ----- From: "Daniel J Walsh" <dwalsh@xxxxxxxxxx>
> > To: "Mark Evers" <beheer@xxxxxxxxxxx>
> > Cc: <fedora-selinux-list@xxxxxxxxxx>
> > Sent: Wednesday, December 14, 2005 10:51 PM
> > Subject: Re: Still having problems with SELinux and Dovecot
> >
> >
> > > Mark Evers wrote:
> > > > Well, i still have problems with SELinux and Dovecot, when i do a 
> > > > reboot i get a error
> > > > Starting Dovecot Imap: Fatal: Can't open configuration file 
> > > > /etc/dovecot.conf: Permission denied
> > > >  and in the audit.log i find this error
> > > >  type=AVC msg=audit(1134595859.843:208): avc:  denied  { read } for 
> > > > pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586 
> > > > scontext=system_u:system_r:dovecot_t 
> > > > tcontext=system_u:object_r:etc_runtime_t tclass=file
> > > > type=SYSCALL msg=audit(1134595859.843:208): arch=40000003 syscall=5 
> > > > success=no exit=-13 a0=8058a3e a1=8000 a2=0 a3=8000 items=1 pid=26990 
> > > > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> > > > comm="dovecot" exe="/usr/sbin/dovecot"
> > > > type=CWD msg=audit(1134595859.843:208): 
> > > > cwd="/usr/libexec/webmin/dovecot"
> > > > type=PATH msg=audit(1134595859.843:208): item=0 
> > > > name="/etc/dovecot.conf" flags=101  inode=197586 dev=fd:00 mode=0100644 
> > > > ouid=0 ogid=0 rdev=00:00
> > > >  I can only fix this by doing a "fixfiles relabel" and "touch 
> > > > ./autorelabel" and then it works again, till the next reboot..
> > > >  Is there a way to fix this? or is there a way to exclude dovecot from 
> > > > SELinux??
> > > restorecon /etc/dovecot.conf
> > >
> > > How does that file get created?  Is it being created by an init script?
> > >
> > > Basically its context is wrong, Should be dovecot_etc_t  not 
> > > etc_runtime_t.
> Well watch that file context and make sure no init script is replacing 
> that file.

I'll keep an eye on it, thanks.

> > > > Mark Evers
> > > >  ------------------------------------------------------------------------
> > > >
> > > >
> > > > --
> > > > fedora-selinux-list mailing list
> > > > fedora-selinux-list@xxxxxxxxxx
> > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >
> > >
> > > --
>
>
> --

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list