On Wed, 2013-06-05 at 00:23 -0700, Adam Williamson wrote: > On Wed, 2013-06-05 at 09:18 +0300, Cristian Sava wrote: > > On Tue, 2013-06-04 at 08:08 -0700, Adam Williamson wrote: > > > On Tue, 2013-06-04 at 12:06 +0300, Cristian Sava wrote: > > > > I am trying to activate selinux for my mailserver. > > > > It is F19 postfix_courier_amavisd-new_clamav_squirrelmail install in a > > > > virtual environment. All needed is stock or was packaged on F19 > > > > (rpmbuild -ta ... / rpmbuild -ba ...) and all is working fine (selinux > > > > disabled). No tar.gz directly installed. > > > > I am trying to fix things one by one. Any advice is welcome. When > > > > receiving a message selinux complain (permissive): > > > > > > > > SELinux is preventing /usr/sbin/courierlogger from getattr access on the > > > > file /var/spool/authdaemon/pid. > > > > > > > > ***** Plugin catchall (100. confidence) suggests > > > > *************************** > > > > > > > > If you believe that courierlogger should be allowed getattr access on > > > > the pid file by default. > > > > Then you should report this as a bug. > > > > > > If I were you, I'd do that. > > > > > > Well no, that's a lie. If I were you I'd stop using Courier and start > > > using Dovecot, because it's better. From what I've seen, most people who > > > run IMAP servers made that switch already, which may explain why Courier > > > has apparently grown an SELinux issue you'd think would have been fixed > > > already. > > I will consider your suggestion but this may take time and testing. It > > is not for today or tomorrow and not all the people will agree with us. > > Courier is a robust and well working piece in a mail server so it's a > > much simpler solution to disable or even uninstall selinux (why don't we > > have an install time option do it). > > I like very much selinux (when there is a simple way to configure it) > > but I will not abandon courier just for that and many will agree with > > me. > > Sure, I didn't mean it that way, I just meant that it's probably worth > looking at other servers in general. I used Courier for years but > switched away a couple of years back; dovecot does quite a lot of things > better. Yes, you and Daniel are perfectly right but it's a future solution not the one for now. Avoiding courier if selinux is enabled is not always an option nor a complicate setting scheme for selinux. Maybe that's why so many people advice to disable selinux (not a good thing in my view, selinux is a must in many situations). Thank you for your answers. C. Sava -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
