Bug 167043 - dovecot can't write mail spool files
Summary: dovecot can't write mail spool files
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-08-29 19:16 UTC by David Juran
Modified: 2007-11-30 22:11 UTC (History)
3 users (show)

Fixed In Version: 1.25.4-10.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-12 09:04:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description David Juran 2005-08-29 19:16:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
After updating to selinux-policy-targeted-1.25.4-10, dovecot no longer was able to write mail spool files. This at least broke squirrelmail and resulted in syslog spewing out lots of lines like:

 Aug 29 18:56:06 emilia kernel: audit(1125334566.190:82): avc:  denied  { write } for  pid=26248 comm="imap" name="david" dev=dm-3 ino=32849 scontext=root:system_r:dovecot_t tcontext=system_u:object_r:mail_spool_t tclass=file

Changing line 46 in /etc/selinux/targeted/src/policy/domains/program/dovecot.te back to 
rw_dir_create_file(dovecot_t, mail_spool_t)
instead of 
ra_dir_create_file(dovecot_t, mail_spool_t)
seems to remedy the problem

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. update to selinux-policy-targeted-1.25.4-10
2. try listing your inbox using squrrelmail


Additional info:

Comment 1 Neil Bezuidenhout 2005-09-01 05:10:28 UTC
Setting "Disable SELinux protection for dovecot daemon" and re-starting dovecot
works as a temporary fix for the problem.

When opening Thunderbird while the error exists, the IMAP folders seems to be
re-set to zero size from its original sice (eg. Sent changed from 5MB to 0Mb),
which looks like the IMAP/mail folders in the user's directory is accessable by
the mail user agent, and that the problem lies with copying the mail from the
/var/spool/mail directory.

After disabling SELinux protection for dovecot, all the email returned to the
IMAP folders.

Comment 2 Ignacio Vazquez-Abrams 2005-09-03 04:52:32 UTC
Confirmed. Downgrading to selinux-policy-targeted-1.25.3-12 also allows dovecot
to work properly.

Comment 3 Carsten Clasohm 2005-09-06 08:04:21 UTC
I was able to reproduce this. The symptom on my computer was that Thunderbird
did not show any messages in the Inbox, although /var/spool/mail/my_account
contained a couple of messages. As no error messages are displayed in
Thunderbird itself, fixing this will be hard for most users - it took myself
some time until I looked in /var/log/messages and found this ticket.

Comment 4 David Juran 2005-09-12 09:04:56 UTC
Seems to be fixed in selinux-policy-targeted-1.25.4-10.1 (-:

Note You need to log in before you can comment on or make changes to this bug.