Bug 458406
| Summary: | Exim dovecot auth driver SELinux errors | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Fred Wittekind IV <rom> | ||||
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 9 | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-11-17 22:05:27 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
These changes are good. Fixed in selinux-policy-3.3.1-85.fc9.noarch Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed. |
Created attachment 313765 [details] SE Linux rules added to make both Exim & Dovecot work with above config. Description of problem: Unable to use dovecot auth inside of Exim Version-Release number of selected component (if applicable): dovecot-1.0.15-10.fc9.i386 exim-4.69-4.fc9.i386 selinux-policy-3.3.1-79.fc9.noarch SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 22 Policy from config file: targeted How reproducible: 100% Steps to Reproduce: 1. Install / configure FreeIPA 2. Add following to exim config begin authenticators gssapi: driver = dovecot server_advertise_condition = yes public_name = GSSAPI server_socket = /var/run/dovecot/auth-client 3. Uncomment the following lines in dovecot config socket listen { client { path = /var/run/dovecot/auth-client user = dovecot group = exim mode = 0660 } } Actual results: SELinux denies from both dovecot & exim Expected results: Auth via KRB5 ticket for IMAP & SMTP Additional info: Possibly a sebool would be nice to correct this, since not everyone is going to need this functionality. Attached local policy created to correct issue on my box.