Bug 242365
| Summary: | policy prevents Dovecot from working | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alvin Thompson <alvin> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 7 | CC: | dwalsh |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-08-22 14:10:05 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This should be fixed in updates-testing policy, release -12. Did you try that? Upgrading from the supplied F7 version 2.6.4-8 to version 2.6.4-12 from updates-testing worked for me with dovecot. John. Fixed in selinux-policy-2.6.4-13.fc7 Closing as fixes are in the current release |
3 errors: SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "create" to (dovecot_auth_t). SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "audit_write" to (dovecot_auth_t). SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "read" to (dovecot_auth_t). entire (write) error: Summary SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "audit_write" to <Unknown> (dovecot_auth_t). Detailed Description SELinux denied access requested by /usr/libexec/dovecot/dovecot-auth. It is not expected that this access is required by /usr/libexec/dovecot/dovecot- auth and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context user_u:system_r:dovecot_auth_t Target Context user_u:system_r:dovecot_auth_t Target Objects None [ capability ] Affected RPM Packages dovecot-1.0.0-11.fc7 [application] Policy RPM selinux-policy-2.6.4-8.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall Host Name io Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT 2007 x86_64 x86_64 Alert Count 1 First Seen Sun 03 Jun 2007 02:22:16 PM EDT Last Seen Sun 03 Jun 2007 02:22:16 PM EDT Local ID 34d72b91-1c38-4da7-b9df-525819504fb2 Line Numbers Raw Audit Messages avc: denied { audit_write } for comm="dovecot-auth" egid=0 euid=0 exe="/usr/libexec/dovecot/dovecot-auth" exit=172 fsgid=0 fsuid=0 gid=0 items=0 pid=16691 scontext=user_u:system_r:dovecot_auth_t:s0 sgid=0 subj=user_u:system_r:dovecot_auth_t:s0 suid=0 tclass=capability tcontext=user_u:system_r:dovecot_auth_t:s0 tty=(none) uid=0