Description of problem: System startup, running cyrus imapd. SELinux is preventing imapd from 'map' accesses on the file /run/cyrus/db/tls_sessions.db. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that imapd should be allowed map access on the tls_sessions.db file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'imapd' --raw | audit2allow -M my-imapd # semodule -X 300 -i my-imapd.pp Additional Information: Source Context system_u:system_r:cyrus_t:s0 Target Context system_u:object_r:cyrus_var_run_t:s0 Target Objects /run/cyrus/db/tls_sessions.db [ file ] Source imapd Source Path imapd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.1-25.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.10-300.fc28.x86_64 #1 SMP Mon May 21 14:41:48 UTC 2018 x86_64 x86_64 Alert Count 3 First Seen 2018-05-24 08:43:16 EDT Last Seen 2018-05-24 08:50:04 EDT Local ID d99fcc91-2e5d-43b5-84d5-3874f8927eba Raw Audit Messages type=AVC msg=audit(1527166204.435:261): avc: denied { map } for pid=1153 comm="imapd" path="/run/cyrus/db/tls_sessions.db" dev="tmpfs" ino=43305 scontext=system_u:system_r:cyrus_t:s0 tcontext=system_u:object_r:cyrus_var_run_t:s0 tclass=file permissive=0 Hash: imapd,cyrus_t,cyrus_var_run_t,file,map Version-Release number of selected component: selinux-policy-3.14.1-25.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.10-300.fc28.x86_64 type: libreport
Description of problem: (Re)started cyrus-imapd. Version-Release number of selected component: selinux-policy-3.14.1-29.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.11-300.fc28.x86_64 type: libreport
selinux-policy-3.14.1-30.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-20854ee84e
selinux-policy-3.14.1-30.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-20854ee84e
selinux-policy-3.14.1-30.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.