From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6 Description of problem: After updating to selinux-policy-targeted-1.25.4-10, dovecot no longer was able to write mail spool files. This at least broke squirrelmail and resulted in syslog spewing out lots of lines like: Aug 29 18:56:06 emilia kernel: audit(1125334566.190:82): avc: denied { write } for pid=26248 comm="imap" name="david" dev=dm-3 ino=32849 scontext=root:system_r:dovecot_t tcontext=system_u:object_r:mail_spool_t tclass=file Changing line 46 in /etc/selinux/targeted/src/policy/domains/program/dovecot.te back to rw_dir_create_file(dovecot_t, mail_spool_t) instead of ra_dir_create_file(dovecot_t, mail_spool_t) seems to remedy the problem Version-Release number of selected component (if applicable): selinux-policy-targeted-1.25.4-10 How reproducible: Always Steps to Reproduce: 1. update to selinux-policy-targeted-1.25.4-10 2. try listing your inbox using squrrelmail Additional info:
Setting "Disable SELinux protection for dovecot daemon" and re-starting dovecot works as a temporary fix for the problem. When opening Thunderbird while the error exists, the IMAP folders seems to be re-set to zero size from its original sice (eg. Sent changed from 5MB to 0Mb), which looks like the IMAP/mail folders in the user's directory is accessable by the mail user agent, and that the problem lies with copying the mail from the /var/spool/mail directory. After disabling SELinux protection for dovecot, all the email returned to the IMAP folders.
Confirmed. Downgrading to selinux-policy-targeted-1.25.3-12 also allows dovecot to work properly.
I was able to reproduce this. The symptom on my computer was that Thunderbird did not show any messages in the Inbox, although /var/spool/mail/my_account contained a couple of messages. As no error messages are displayed in Thunderbird itself, fixing this will be hard for most users - it took myself some time until I looked in /var/log/messages and found this ticket.
Seems to be fixed in selinux-policy-targeted-1.25.4-10.1 (-: