Description of problem:
Dovecot is compiled with postgresql support, but SELinux does not allow tcp connections between dovecot and postgresql.

Version-Release number of selected component (if applicable):
1.0.0.beta2.7

How reproducible:
100%

Steps to Reproduce:
1. Configure dovecot to access postgresql on tcp port
2. Run dovecot
3. Look at /var/log/audit/audit.log

Actual results:
type=AVC msg=audit(1143505368.215:14): avc: denied { name_connect } for pid=3512 comm="dovecot-auth" dest=5432 scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1143505368.215:14): avc: denied { recv_msg } for pid=3512 comm="dovecot-auth" saddr=127.0.0.1 src=5432 daddr=127.0.0.1 dest=35472 netif=lo scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket

Expected results:
Nothing

Additional info:
Created attachment 126867
Policy created by audit2allow
This should be fixed in FC6; Daniel plans to fix it for FC5 as well.
I am not updating FC5 at this point. Either upgrade to FC6 policy or use audit2allow to generate local policy.
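Added example, not part of the original bug thread and not audit2allow's own code: a short Python parser that reads the two AVC records quoted in the report and groups the denied permissions into the allow rules a local policy module would have to contain. The function names `parse_avc` and `allow_rules` are hypothetical.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the report above.
SAMPLE_LOG = """\
type=AVC msg=audit(1143505368.215:14): avc: denied { name_connect } for pid=3512 comm="dovecot-auth" dest=5432 scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1143505368.215:14): avc: denied { recv_msg } for pid=3512 comm="dovecot-auth" saddr=127.0.0.1 src=5432 daddr=127.0.0.1 dest=35472 netif=lo scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    if "type=AVC" not in line:
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A security context is user:role:type[:mls-range]; the type is field 3.
    sparts = fields["scontext"].split(":")
    tparts = fields["tcontext"].split(":")
    if len(sparts) < 3 or len(tparts) < 3:
        return None
    fields["stype"], fields["ttype"] = sparts[2], tparts[2]
    fields["perms"] = m.group("perms").split()
    return fields


def allow_rules(log_text):
    """Group denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (stype, ttype, tclass), perms in sorted(grouped.items()):
        rules.append("allow %s %s:%s { %s };" % (stype, ttype, tclass, " ".join(sorted(perms))))
    return rules


if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

Grouping by source type, target type and class shows exactly what a local module would grant to `dovecot_auth_t`, which is the thing to review before loading it.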