Bug 167043 - dovecot can't write mail spool files
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Daniel Walsh
Reported: 2005-08-29 15:16 EDT by David Juran
Modified: 2007-11-30 17:11 EST
Fixed In Version: 1.25.4-10.1
Doc Type: Bug Fix
Last Closed: 2005-09-12 05:04:56 EDT
Description David Juran 2005-08-29 15:16:11 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
After updating to selinux-policy-targeted-1.25.4-10, dovecot no longer was able to write mail spool files. This at least broke squirrelmail and resulted in syslog spewing out lots of lines like:

 Aug 29 18:56:06 emilia kernel: audit(1125334566.190:82): avc:  denied  { write } for  pid=26248 comm="imap" name="david" dev=dm-3 ino=32849 scontext=root:system_r:dovecot_t tcontext=system_u:object_r:mail_spool_t tclass=file

Changing line 46 in /etc/selinux/targeted/src/policy/domains/program/dovecot.te back to
rw_dir_create_file(dovecot_t, mail_spool_t)
instead of
ra_dir_create_file(dovecot_t, mail_spool_t)
seems to remedy the problem.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.4-10

How reproducible:
Always

Steps to Reproduce:
1. update to selinux-policy-targeted-1.25.4-10
2. try listing your inbox using squirrelmail

  

Additional info:
Comment 1 Neil Bezuidenhout 2005-09-01 01:10:28 EDT
Setting "Disable SELinux protection for dovecot daemon" and re-starting dovecot
works as a temporary fix for the problem.

When opening Thunderbird while the error exists, the IMAP folders seem to be
reset to zero size from their original size (e.g. Sent changed from 5MB to 0MB),
which looks like the IMAP/mail folders in the user's directory are accessible by
the mail user agent, and that the problem lies with copying the mail from the
/var/spool/mail directory.

After disabling SELinux protection for dovecot, all the email returned to the
IMAP folders.
Comment 2 Ignacio Vazquez-Abrams 2005-09-03 00:52:32 EDT
Confirmed. Downgrading to selinux-policy-targeted-1.25.3-12 also allows dovecot
to work properly.
Comment 3 Carsten Clasohm 2005-09-06 04:04:21 EDT
I was able to reproduce this. The symptom on my computer was that Thunderbird
did not show any messages in the Inbox, although /var/spool/mail/my_account
contained a couple of messages. As no error messages are displayed in
Thunderbird itself, fixing this will be hard for most users - it took me
some time until I looked in /var/log/messages and found this ticket.
Comment 4 David Juran 2005-09-12 05:04:56 EDT
Seems to be fixed in selinux-policy-targeted-1.25.4-10.1 (-:
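
The AVC denial quoted in the description can be reduced to the type-enforcement rule it is asking for, which is the kind of summary audit2allow produces. The following is an added example, not part of the original bug report or of the selinux-policy sources; the second log line is constructed for illustration and the function names are this example's own.

```python
import re
from collections import defaultdict

# First line is the denial quoted in the report; the second is constructed
# for this example (same domain and target type, different permission).
SAMPLE_LOG = """\
Aug 29 18:56:06 emilia kernel: audit(1125334566.190:82): avc:  denied  { write } for  pid=26248 comm="imap" name="david" dev=dm-3 ino=32849 scontext=root:system_r:dovecot_t tcontext=system_u:object_r:mail_spool_t tclass=file
Aug 29 18:56:07 emilia kernel: audit(1125334567.004:83): avc:  denied  { setattr } for  pid=26248 comm="imap" name="david" dev=dm-3 ino=32849 scontext=root:system_r:dovecot_t tcontext=system_u:object_r:mail_spool_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the denial's fields, or None if the line is not a usable AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    src, tgt = rec["scontext"].split(":"), rec["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None
    # Contexts are user:role:type (an MLS range may follow); the type is field 3.
    rec.update(perms=m.group(1).split(), source_type=src[2], target_type=tgt[2])
    return rec


def summarize(log_text):
    """Merge denials into one candidate allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            merged[(rec["source_type"], rec["target_type"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = " ".join(sorted(perms))
        rules.append(f"allow {src} {tgt}:{cls} {{ {p} }};" if len(perms) > 1
                     else f"allow {src} {tgt}:{cls} {p};")
    return rules


if __name__ == "__main__":
    for rule in summarize(SAMPLE_LOG):
        print(rule)
```

For the single line in the report the result is `allow dovecot_t mail_spool_t:file write;`, which names the exact access the policy update stopped granting to dovecot_t.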
