Description of problem: Selinux is preventing dovecot from reading filesystem quota Version-Release number of selected component (if applicable): selinux-policy-targeted-3.14.3-46.fc30.noarch How reproducible: Steps to Reproduce: 1. enable quota plugin in dovecot: quota = fs:User quota 2. start dovecot 3. access the maildir Actual results: AVC avc: denied { quotaget } for pid=7538 comm="imap" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0 Expected results: Dovecot is able to read filesystem quota. Additional info:
commit 2f6f911dab62b01aa1c417bc168b56d53510c8d3 (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Tue Oct 29 10:28:45 2019 +0100 Allow dovecot get filesystem quotas Allow processes labeled as dovecot_t domain to use quota plugin. Resolves: rhbz#1765897
FEDORA-2019-70d80ad4bc has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
Unfortunately, in the meantime I upgraded to Fedora 31. I am no longer able to test F30 packages. The problem is present in Fedora 31.
Marek, What is output of: # rpm -q selinux-policy THanks, Lukas.
selinux-policy-3.14.4-39.fc31.noarch
Hi Marek, # sesearch -A -s dovecot_t -t fs_t -c filesystem allow dovecot_t filesystem_type:filesystem { getattr quotaget }; # rpm -q selinux-policy selinux-policy-3.14.4-40.fc31.noarch It's fixed in the latest selinux-policy rpm package. You can install form updates-testing before it will be moved to the updates repository. # dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2019-aec8f7ab50 Thanks, Lukas.
Hi, I confirm that selinux-policy-3.14.4-40.fc31.noarch fixes the problem. Thanks Marek
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.