On 11/28/09 20:35, Roland Roberts wrote:
I'm running Fedora 11 x86_64 with the dovecot and dovecot-pgsql RPMs installed. I have a small user database set up for email authentication. The issue I'm having is that when I am in enforcing mode, dovecot can't connect to the database. Turning off enforcing mode lets it work.

I'm having trouble diagnosing where the denial is taking place as I don't see any avc messages in /var/log/messages that relate to dovecot. The only messages I'm getting are in /var/log/maillog from dovecot like this:

Nov 28 22:23:11 fred dovecot: auth(default): pgsql: Connect failed to maildb: could not connect to server: Permission denied
Nov 28 22:23:11 fred dovecot: auth(default): #011Is the server running on host "fred.flinstone.org" and accepting
Nov 28 22:23:11 fred dovecot: auth(default): #011TCP/IP connections on port 5432?

The answer to the questions is "yes" it is running and accepting connections. Whether or not enforcing mode is on, when logged in, I can connect to the database via

$ psql -h fred.flinstone.org maildb

I *think* this is a result of updating on Nov 18. I have not changed the default selinux mode since the host was set up back in September. At that point, I set it to enforcing mode after working out a few issues. On Nov 18, a lot of things were updated, but among them were

Nov 18 10:00:02 Updated: kernel-firmware-2.6.30.9-96.fc11.noarch
Nov 18 10:00:15 Updated: kernel-headers-2.6.30.9-96.fc11.x86_64
Nov 18 10:00:28 Installed: kernel-devel-2.6.30.9-96.fc11.x86_64
Nov 18 10:01:30 Installed: kernel-2.6.30.9-96.fc11.x86_64
Nov 18 10:02:01 Updated: selinux-policy-3.6.12-86.fc11.noarch
Nov 18 10:02:46 Updated: selinux-policy-targeted-3.6.12-86.fc11.noarch

Today, I did another update, hoping it would cure the problem and got these revisions

Nov 28 10:57:33 Updated: selinux-policy-3.6.12-88.fc11.noarch
Nov 28 10:57:47 Updated: selinux-policy-targeted-3.6.12-88.fc11.noarch

but the behavior is unchanged, I still have to turn off enforcing mode.

Any clues on what I need to do to get this to work? Or where to look for clues since, as I mentioned, I can't even find log entries that would clue me in.

roland

Maybe you just need to either make enableaudit or check the file labels to make sure things are legit,

Justin P. Mattock

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
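
An added example, not part of the original thread: a small filter that pulls AVC denials for one command out of audit records, for use once dontaudit rules have been disabled as the reply suggests. It assumes auditd is running, so denials land in /var/log/audit/audit.log rather than /var/log/messages, and that `semodule -DB` is used to disable dontaudit rules. The sample records, including the `dovecot-auth` process name and the contexts, are constructed for illustration and are not a diagnosis of the poster's system.

```shell
#!/bin/sh
# Real-host workflow (run as root), shown as comments only:
#   semodule -DB      # rebuild policy with dontaudit rules disabled
#   ...reproduce the failing dovecot login...
#   avc_denials dovecot < /var/log/audit/audit.log
#   semodule -B       # rebuild policy with dontaudit rules restored

# Constructed sample audit records (not taken from the thread).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1259465000.101:41): avc:  denied  { name_connect } for  pid=2301 comm="dovecot-auth" dest=5432 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1259465000.101:41): arch=c000003e syscall=42 success=no exit=-13 comm="dovecot-auth"
type=AVC msg=audit(1259465002.220:42): avc:  denied  { read } for  pid=2410 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# avc_denials PREFIX: read audit records on stdin and print, for each AVC
# denial whose comm starts with PREFIX:
#   comm  permissions  class  source_context->target_context
avc_denials() {
    awk -v want="$1" '
    $1 == "type=AVC" && / denied / {
        perms = comm = src = tgt = cls = ""
        # Permission list sits between "{ " and " }".
        if (match($0, /\{[^}]*\}/)) perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            if ($i ~ /^scontext=/) src = substr($i, 10)
            if ($i ~ /^tcontext=/) tgt = substr($i, 10)
            if ($i ~ /^tclass=/)   cls = substr($i, 8)
        }
        if (index(comm, want) == 1) print comm, perms, cls, src "->" tgt
    }'
}

# Demo on the constructed records.
sample_log | avc_denials dovecot
```

For the file-label half of the suggestion, `restorecon -nv` on a path reports labels that differ from the policy default without changing them.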