From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Description of problem: Dovecot is unable to retrieve emails from user's ~/Maildir/new folder, aka INBOX. Version-Release number of selected component (if applicable): dovecot-0.99.14-4.fc4 How reproducible: Always Steps to Reproduce: Selinux in targeted mode, Postfix delivering mail directly into ~/Maildir, Dovecot running as targeted daemon, (Haven't tested any other folders yet, not relevant yet.) Actual Results: /etc/audit/audit.log: type=PATH msg=audit(1119797848.277:8929789): item=0 name="/home/athompso/Maildir/new/1119796843.Vfd00I1b4960eM796961.server.athompso.net" inode=28612110 dev=fd:00 mode=0100600 ouid=500 ogid=500 rdev=00:00 type=SYSCALL msg=audit(1119797848.277:8929789): arch=40000003 syscall=5 success=no exit=-13 a0=8ae5230 a1=8000 a2=0 a3=8000 items=1 pid=7920 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="imap" exe="/usr/libexec/dovecot/imap" type=AVC msg=audit(1119797848.277:8929789): avc: denied { read } for pid=7920 comm="imap" name=1119796843.Vfd00I1b4960eM796961.server.athompso.net dev=dm-0 ino=28612110 scontext=root:system_r:dovecot_t tcontext=root:object_r:user_home_dir_t tclass=file Expected Results: Dovecot should have been able to read the messages... Additional info: Bizarre. After relabeling my entire home directory to user_u:object_r:user_home_t (which it wasn't, thanks to restoring from a non-SELinux tape backup) now dovecot can read email... Fix: # chcon -R -u user_u -o object_r -t user_home_t $HOME (of course, getting yourself into a context where you're allowed to relabel such things can be a hassle too, if you aren't an selinux guru.)
I suppose the problem was in your home dir labeling, which means not a bug (considering that your home dirs were in user identity root instead of user_u). If you experience selinux problems in future and they seem to be related to system (as opposed to your local policy or labeling), please file bugs with appropriate components (that is eg. relevant selinux policy).