Bug 176789 - (selinux) dovecot useless in enforcing mode
(selinux) dovecot useless in enforcing mode
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks: FC5Blocker
  Show dependency treegraph
 
Reported: 2006-01-02 14:10 EST by Nicolas Mailhot
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-05 16:35:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Relevant audit.log extract (3.13 KB, application/x-bzip)
2006-01-02 14:10 EST, Nicolas Mailhot
no flags Details
audit.log for new imap session with setenforce=0 (1.33 KB, application/x-bzip)
2006-01-02 15:33 EST, Nicolas Mailhot
no flags Details

  None (edit)
Description Nicolas Mailhot 2006-01-02 14:10:52 EST
Description of problem:

The latest selinux policies (starting around 21.12.2005) block dovecot access by
mail clients


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.1.6-19


How reproducible:

Always
Comment 1 Nicolas Mailhot 2006-01-02 14:10:53 EST
Created attachment 122690 [details]
Relevant audit.log extract
Comment 2 Daniel Walsh 2006-01-02 14:40:46 EST
Can you do a setenforce 0 and see if any other avc messages show up?
Comment 3 Nicolas Mailhot 2006-01-02 15:33:45 EST
Created attachment 122693 [details]
audit.log for new imap session with setenforce=0
Comment 4 Nicolas Mailhot 2006-01-02 15:34:29 EST
Here it is
Comment 5 Daniel Walsh 2006-01-03 10:35:25 EST
Ok I added fixes for your first log file.  Second one had no avc messages.  Can
you try it with todays policy.
Comment 6 Nicolas Mailhot 2006-01-03 10:55:20 EST
Yes, I had seen the build report
Will test this evening
Thank you for the quick fix
Comment 7 Nicolas Mailhot 2006-01-03 13:40:04 EST
Unfortunately today's rawhide does not boot in enforcing mode at all (dropping
in root account at startup). So I can't test the changes
Comment 8 Daniel Walsh 2006-01-03 13:42:15 EST
Just turn off libsetrans translations in /etc/selinux/targeted/setrans.conf.  Or
update libsetrans package from 

ftp://people.redhat.com/dwalsh/SELinux/Fedora
Comment 9 Nicolas Mailhot 2006-01-05 03:38:10 EST
I tested briefly this morning and dovecot was still broken (may be for another
reason, I switched to enforcing=0 to do a quick fix)
Comment 10 Nicolas Mailhot 2006-01-05 16:35:23 EST
Ok seems fixed today

Can go back trying to get the spamassassin part working now ;)
Comment 11 Nicolas Mailhot 2006-01-05 16:37:32 EST
Ok seems fixed today

Can go back trying to get the spamassassin part working now ;)

Thanks

Note You need to log in before you can comment on or make changes to this bug.