Bug 656518
Summary: | SELinux policy denies dovecot's bind to TCP LMTP port. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | AJ Zmudosky <ajz> |
Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 14 | CC: | dwalsh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.9.7-14.fc14 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-05 00:37:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
AJ Zmudosky
2010-11-23 22:25:56 UTC
Looks reasonable to me. A related issue, though I can open another bug for it: Dovecot's Pigeonhole ManageSieve plugin (from the dovecot-pigeonhole package) stops dovecot from starting up, because it lacks permission to bind to the "sieve_port_t". Auditd log entry: type=AVC msg=audit(1290656845.390:273): avc: denied { name_bind } for pid=2669 comm="dovecot" src=4190 scontext=unconfined_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:sieve_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1290656845.390:273): arch=c000003e syscall=49 success=no exit=-13 a0=d a1=7fff4f542200 a2=10 a3=7fff4f541f50 items=0 ppid=2668 pid=2669 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=38 comm="dovecot" exe="/usr/sbin/dovecot" subj=unconfined_u:system_r:dovecot_t:s0 key=(null) Miroslav add corenet_tcp_bind_sieve_port(dovecot_t) Also Fixed in selinux-policy-3.9.7-14.fc14 selinux-policy-3.9.7-14.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-14.fc14 selinux-policy-3.9.7-14.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-14.fc14 selinux-policy-3.9.7-14.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |