Bug 1560704 - dovecot service fails: Dovecot is already running? Socket already exists: /var/run/dovecot/login/ipc-proxy
Summary: dovecot service fails: Dovecot is already running? Socket already exists: /va...
Keywords:
Status: CLOSED DUPLICATE of bug 1578872
Alias: None
Product: Fedora
Classification: Fedora
Component: dovecot
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Michal Hlavinka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1568510 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-26 19:19 UTC by Rachel Sibley
Modified: 2018-06-07 08:13 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-07 08:05:54 UTC
Type: Bug


Attachments (Terms of Use)

Description Rachel Sibley 2018-03-26 19:19:58 UTC
Description of problem:
Starting the dovecot service on rawhide results in failed status with the following errors:
Fatal: Dovecot is already running? Socket already exists: /var/run/dovecot/login/ipc-proxy
master: Fatal: Dovecot is already running? Socket already exists: /var/run/dovecot/login/ipc-proxy

Version-Release number of selected component (if applicable):
# rpm -qa dovecot
dovecot-2.2.33.2-3.fc28.x86_64

How reproducible:
Always

Steps to Reproduce:
1. dnf install dovecot
2. systemctl start dovecot
3.

Actual results:
# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2018-03-26 14:17:28 EDT; 10min ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
  Process: 21914 ExecStart=/usr/sbin/dovecot (code=exited, status=89)
  Process: 21908 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)

Mar 26 14:17:28 qeos-40.lab.eng.rdu2.redhat.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
Mar 26 14:17:28 qeos-40.lab.eng.rdu2.redhat.com dovecot[21914]: Fatal: Dovecot is already running? Socket already exists: /var/run/dovecot/login/ipc-proxy
Mar 26 14:17:28 qeos-40.lab.eng.rdu2.redhat.com dovecot[21914]: master: Fatal: Dovecot is already running? Socket already exists: /var/run/dovecot/login/ipc-proxy
Mar 26 14:17:28 qeos-40.lab.eng.rdu2.redhat.com systemd[1]: dovecot.service: Control process exited, code=exited status=89
Mar 26 14:17:28 qeos-40.lab.eng.rdu2.redhat.com systemd[1]: dovecot.service: Failed with result 'exit-code'.
Mar 26 14:17:28 qeos-40.lab.eng.rdu2.redhat.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.

Expected results:
dovecot starts without errors

Additional info:

Comment 1 Bruno Goncalves 2018-03-27 10:45:45 UTC
The problem seems to be related to SELinux.

Mar 27 10:41:40 localhost.localdomain audit[19283]: AVC avc:  denied  { dac_override } for  pid=19283 comm="dovecot" capability=1  scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_t:s0>
Mar 27 10:41:40 localhost.localdomain dovecot[19283]: Fatal: Dovecot is already running? Socket already exists: /var/run/dovecot/login/ipc-proxy
Mar 27 10:41:40 localhost.localdomain dovecot[19283]: master: Fatal: Dovecot is already running? Socket already exists: /var/run/dovecot/login/ipc-proxy
Mar 27 10:41:40 localhost.localdomain systemd[1]: dovecot.service: Control process exited, code=exited status=89
Mar 27 10:41:40 localhost.localdomain systemd[1]: dovecot.service: Failed with result 'exit-code'.
Mar 27 10:41:40 localhost.localdomain systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
-- Subject: Unit dovecot.service has failed


# grep denied /var/log/audit/audit.log 
type=AVC msg=audit(1522147124.529:381): avc:  denied  { dac_override } for  pid=17826 comm="dovecot" capability=1  scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=capability permissive=0


And my guess it is related to BZ#1508960

Comment 2 Dominik 'Rathann' Mierzejewski 2018-05-02 19:27:02 UTC
Same here. Stopped working after upgrading from F27.

Comment 3 Dominik 'Rathann' Mierzejewski 2018-05-02 19:29:43 UTC
As a workaround, I have added the following local SELinux policy:
# cat dovecot-local.cil 
(typeattributeset cil_gen_require dovecot_auth_t)
(typeattributeset cil_gen_require dovecot_t)
(typeattributeset cil_gen_require init_t)
(allow dovecot_auth_t init_t (dbus (send_msg)))
(allow dovecot_t self (capability (dac_override)))

Comment 4 Dominik 'Rathann' Mierzejewski 2018-05-02 19:40:24 UTC
I have dovecot configured as auth agent for postfix:
# cat /etc/dovecot/conf.d/10-master-local.conf 
service imap-login {
  inet_listener imap {
    port=0
  }
}

service auth {
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

In my case, the AVC denials are:
type=AVC msg=audit(1525288703.471:253): avc:  denied  { dac_override } for  pid=1404 comm="dovecot" capability=1  scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=capability permissive=0

and the dovecot errors:
May 02 21:18:23 localhost.localdomain systemd[1]: Starting Dovecot IMAP/POP3 email server...
May 02 21:18:23 localhost.localdomain dovecot[1404]: Error: bind(/var/spool/postfix/private/auth) failed: Permission denied
May 02 21:18:23 localhost.localdomain dovecot[1404]: master: Error: bind(/var/spool/postfix/private/auth) failed: Permission denied
May 02 21:18:23 localhost.localdomain dovecot[1404]: Error: service(auth): net_listen_unix(/var/spool/postfix/private/auth) failed: Permission denied
May 02 21:18:23 localhost.localdomain dovecot[1404]: master: Error: service(auth): net_listen_unix(/var/spool/postfix/private/auth) failed: Permission denied
May 02 21:18:23 localhost.localdomain dovecot[1404]: Fatal: Failed to start listeners
May 02 21:18:23 localhost.localdomain dovecot[1404]: master: Fatal: Failed to start listeners
May 02 21:18:23 localhost.localdomain systemd[1]: dovecot.service: Control process exited, code=exited status=89
May 02 21:18:23 localhost.localdomain systemd[1]: dovecot.service: Failed with result 'exit-code'.
May 02 21:18:23 localhost.localdomain systemd[1]: Failed to start Dovecot IMAP/POP3 email server.

Comment 5 Lukas Vrabec 2018-05-03 18:08:50 UTC
Milos, 
Could you look on this BZ please? it's same story with DAC_OVERRIDE. 

Thanks,
Lukas.

Comment 6 Lukas Vrabec 2018-05-03 18:09:44 UTC
*** Bug 1568510 has been marked as a duplicate of this bug. ***

Comment 7 Lukas Vrabec 2018-05-03 18:11:21 UTC
Hi, 

This is more issue on dovecot side than SELinux, problem here is that process dovecot is owned by root:root. Socket /var/run/dovecot/login/ipc-proxy is owned by dovenull:root and SELinux requires proper permissions on filesystem even if root could bypass all permissions. Kernel use 'group' for check permissions and mode is 600, and process trying access this socket so it should be changed.

Comment 8 Michal Hlavinka 2018-06-07 08:05:54 UTC

*** This bug has been marked as a duplicate of bug 1578872 ***


Note You need to log in before you can comment on or make changes to this bug.