Bug 1152773
Summary: | SELinux message on dovecot login | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Orion Poplawski <orion> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | mmalik, orion, ssekidde |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-7.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 10:46:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Orion Poplawski
2014-10-14 22:46:12 UTC
Actually, does seem to be working now in enforcing with some dovecot tweaks. False alarm. I do get this on every login though: type=AVC msg=audit(1413327524.377:1246): avc: denied { search } for pid=4079 comm="auth" name="systemd" dev="tmpfs" ino=6824 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir commit f36db22a6d246c3226cfca7128e529b9f6f2e90b Author: Miroslav Grepl <mgrepl> Date: Mon Nov 3 09:08:25 2014 +0100 Allow dovecot to create user's home directory when they log into IMAP. Hi Orion, could you re-test the scenario and use following RPMs: * http://people.redhat.com/dwalsh/SELinux/RHEL7/noarch/ Some things have changed with my configuration, but I don't see any denials with selinux-policy-3.12.1-153.el7_0.13.noarch. Thanks! As an aside, I got this when updating: warning: file /etc/selinux/targeted/modules/active/modules/pkcsslotd.pp: remove failed: No such file or directory One other question while I have you :), setsebool -P no longer appears to set the running configuration. Is that expected? The pkcsslotd.pp problem is addressed in BZ#1169434. What do you mean by "set the running configuration"? It should set the permanent state (what is default after reboot) and should not change the temporary state (what is default before reboot). Okay, so it's expected. I had thought the behavior used to be different, but maybe not. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0458.html |