Hi,

I run a dovecot instance that looks up users from ldap. Of course, this is done via SSL/TLS. As a result, I get a number of denials that dovecot can't read the slapd_cert type.

Would it be worth adding an optional policy to dovecot.te such as:

optional_policy(`
	ldap_read_certs(dovecot_auth_t)
')

PS: What is optional_policy for? Is that just so that if that interface / type isn't available, it doesn't cause an error in the policy build?

--
William Brown <william@xxxxxxxxxxxxxxx>

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux