Bug 176789 - (selinux) dovecot useless in enforcing mode
Summary: (selinux) dovecot useless in enforcing mode
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC5Blocker
TreeView+ depends on / blocked
 
Reported: 2006-01-02 19:10 UTC by Nicolas Mailhot
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-01-05 21:35:23 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Relevant audit.log extract (3.13 KB, application/x-bzip)
2006-01-02 19:10 UTC, Nicolas Mailhot 		no flags Details
audit.log for new imap session with setenforce=0 (1.33 KB, application/x-bzip)
2006-01-02 20:33 UTC, Nicolas Mailhot 		no flags Details
View All

Description Nicolas Mailhot 2006-01-02 19:10:52 UTC 
Description of problem:

The latest selinux policies (starting around 21.12.2005) block dovecot access by
mail clients


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.1.6-19


How reproducible:

Always
Comment 1 Nicolas Mailhot 2006-01-02 19:10:53 UTC 
Created attachment 122690 [details]
Relevant audit.log extract
Comment 2 Daniel Walsh 2006-01-02 19:40:46 UTC 
Can you do a setenforce 0 and see if any other avc messages show up?
Comment 3 Nicolas Mailhot 2006-01-02 20:33:45 UTC 
Created attachment 122693 [details]
audit.log for new imap session with setenforce=0
Comment 4 Nicolas Mailhot 2006-01-02 20:34:29 UTC 
Here it is
Comment 5 Daniel Walsh 2006-01-03 15:35:25 UTC 
Ok I added fixes for your first log file.  Second one had no avc messages.  Can
you try it with todays policy.
Comment 6 Nicolas Mailhot 2006-01-03 15:55:20 UTC 
Yes, I had seen the build report
Will test this evening
Thank you for the quick fix
Comment 7 Nicolas Mailhot 2006-01-03 18:40:04 UTC 
Unfortunately today's rawhide does not boot in enforcing mode at all (dropping
in root account at startup). So I can't test the changes
Comment 8 Daniel Walsh 2006-01-03 18:42:15 UTC 
Just turn off libsetrans translations in /etc/selinux/targeted/setrans.conf.  Or
update libsetrans package from 

ftp://people.redhat.com/dwalsh/SELinux/Fedora
Comment 9 Nicolas Mailhot 2006-01-05 08:38:10 UTC 
I tested briefly this morning and dovecot was still broken (may be for another
reason, I switched to enforcing=0 to do a quick fix)
Comment 10 Nicolas Mailhot 2006-01-05 21:35:23 UTC 
Ok seems fixed today

Can go back trying to get the spamassassin part working now ;)
Comment 11 Nicolas Mailhot 2006-01-05 21:37:32 UTC 
Ok seems fixed today

Can go back trying to get the spamassassin part working now ;)

Thanks
Note You need to log in before you can comment on or make changes to this bug.