From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
Dovecot is unable to retrieve emails from user's ~/Maildir/new folder, aka INBOX.



Version-Release number of selected component (if applicable):
dovecot-0.99.14-4.fc4

How reproducible:
Always

Steps to Reproduce:
Selinux in targeted mode,
Postfix delivering mail directly into ~/Maildir,
Dovecot running as targeted daemon,
(Haven't tested any other folders yet, not relevant yet.)


Actual Results:  /etc/audit/audit.log:
type=PATH msg=audit(1119797848.277:8929789): item=0 name="/home/athompso/Maildir/new/1119796843.Vfd00I1b4960eM796961.server.athompso.net" inode=28612110 dev=fd:00 mode=0100600 ouid=500 ogid=500 rdev=00:00
type=SYSCALL msg=audit(1119797848.277:8929789): arch=40000003 syscall=5 success=no exit=-13 a0=8ae5230 a1=8000 a2=0 a3=8000 items=1 pid=7920 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="imap" exe="/usr/libexec/dovecot/imap"
type=AVC msg=audit(1119797848.277:8929789): avc:  denied  { read } for  pid=7920 comm="imap" name=1119796843.Vfd00I1b4960eM796961.server.athompso.net dev=dm-0 ino=28612110 scontext=root:system_r:dovecot_t tcontext=root:object_r:user_home_dir_t tclass=file


Expected Results:  Dovecot should have been able to read the messages...

Additional info:

Bizarre.  After relabeling my entire home directory to user_u:object_r:user_home_t (which it wasn't, thanks to restoring from a non-SELinux tape backup) now dovecot can read email...

Fix:

# chcon -R -u user_u -o object_r -t user_home_t $HOME

(of course, getting yourself into a context where you're allowed to relabel such things can be a hassle too, if you aren't an selinux guru.)