Bug 176789 - (selinux) dovecot useless in enforcing mode
Summary: (selinux) dovecot useless in enforcing mode
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FC5Blocker
TreeView+ depends on / blocked
 
Reported: 2006-01-02 19:10 UTC by Nicolas Mailhot
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-05 21:35:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Relevant audit.log extract (3.13 KB, application/x-bzip)
2006-01-02 19:10 UTC, Nicolas Mailhot
no flags Details
audit.log for new imap session with setenforce=0 (1.33 KB, application/x-bzip)
2006-01-02 20:33 UTC, Nicolas Mailhot
no flags Details

Description Nicolas Mailhot 2006-01-02 19:10:52 UTC
Description of problem:

The latest selinux policies (starting around 21.12.2005) block dovecot access by
mail clients


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.1.6-19


How reproducible:

Always

Comment 1 Nicolas Mailhot 2006-01-02 19:10:53 UTC
Created attachment 122690 [details]
Relevant audit.log extract

Comment 2 Daniel Walsh 2006-01-02 19:40:46 UTC
Can you do a setenforce 0 and see if any other avc messages show up?


Comment 3 Nicolas Mailhot 2006-01-02 20:33:45 UTC
Created attachment 122693 [details]
audit.log for new imap session with setenforce=0

Comment 4 Nicolas Mailhot 2006-01-02 20:34:29 UTC
Here it is

Comment 5 Daniel Walsh 2006-01-03 15:35:25 UTC
Ok I added fixes for your first log file.  Second one had no avc messages.  Can
you try it with todays policy.

Comment 6 Nicolas Mailhot 2006-01-03 15:55:20 UTC
Yes, I had seen the build report
Will test this evening
Thank you for the quick fix

Comment 7 Nicolas Mailhot 2006-01-03 18:40:04 UTC
Unfortunately today's rawhide does not boot in enforcing mode at all (dropping
in root account at startup). So I can't test the changes

Comment 8 Daniel Walsh 2006-01-03 18:42:15 UTC
Just turn off libsetrans translations in /etc/selinux/targeted/setrans.conf.  Or
update libsetrans package from 

ftp://people.redhat.com/dwalsh/SELinux/Fedora

Comment 9 Nicolas Mailhot 2006-01-05 08:38:10 UTC
I tested briefly this morning and dovecot was still broken (may be for another
reason, I switched to enforcing=0 to do a quick fix)

Comment 10 Nicolas Mailhot 2006-01-05 21:35:23 UTC
Ok seems fixed today

Can go back trying to get the spamassassin part working now ;)

Comment 11 Nicolas Mailhot 2006-01-05 21:37:32 UTC
Ok seems fixed today

Can go back trying to get the spamassassin part working now ;)

Thanks


Note You need to log in before you can comment on or make changes to this bug.