Bug 198014 - cyrus imapd triggers selinux denials
Summary: cyrus imapd triggers selinux denials
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-07-08 01:51 UTC by Kirk Smith
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: Current
Clone Of:
Environment:
Last Closed: 2007-03-28 20:04:31 UTC
Type: ---
Embargoed:



Description Kirk Smith 2006-07-08 01:51:14 UTC
Under normal operation, selinux reports denial errors from cyrus imapd.

To eliminate all the errors, I installed the following policy:

----
module cyrus_local 1.0;

require {
        class netlink_route_socket { bind create getattr nlmsg_read read write };
        type cyrus_t;
        role system_r;
};

allow cyrus_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
----
I'm really not sure what the imapd program is doing here, but this makes it work
better, without triggering selinux denials and apparently doing no additional
harm to the security of the system.

Kirk
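
For readers reviewing a local module like the one above, here is an added example (not the reporter's or Fedora's code) of how AVC denials map to its allow rule, a simplified version of what a tool such as audit2allow does. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample denials in audit.log AVC format (not taken from the bug report).
CTX = "system_u:system_r:cyrus_t:s0"
PERMS = ["create", "bind", "getattr", "write", "nlmsg_read", "read"]
SAMPLE_LOG = "\n".join(
    [f'type=AVC msg=audit(1152323474.{100 + i}:{40 + i}): avc:  denied  {{ {p} }} for  '
     f'pid=2345 comm="imapd" scontext={CTX} tcontext={CTX} tclass=netlink_route_socket'
     for i, p in enumerate(PERMS)]
    + ["type=SYSCALL msg=audit(1152323474.100:40): arch=40000003 syscall=102 success=no"]
)

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+).*?tcontext=(?P<t>\S+).*?tclass=(?P<cls>\S+)"
)

def type_of(context):
    """Extract the type field from a user:role:type[:level] security context."""
    return context.split(":")[2]

def collect_rules(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            key = (type_of(m["s"]), type_of(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def render_module(name, version, rules):
    """Emit a policy module whose allow rules cover exactly the observed denials."""
    classes, types = defaultdict(set), set()
    for (src, tgt, cls), perms in rules.items():
        classes[cls] |= perms
        types |= {src, tgt}
    out = [f"module {name} {version};", "", "require {"]
    out += [f"        class {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += [f"        type {t};" for t in sorted(types)]
    out += ["};", ""]
    for (src, tgt, cls), perms in sorted(rules.items()):
        target = "self" if src == tgt else tgt  # same domain on both sides -> self
        out.append(f"allow {src} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_module("cyrus_local", "1.0", collect_rules(SAMPLE_LOG)))
```

Because source and target type are both cyrus_t, the generated rule uses `self`, so it only lets the domain operate on its own netlink route sockets and grants no access to objects owned by other domains.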

Comment 1 Daniel Walsh 2006-07-11 14:22:22 UTC
Fixed in selinux-policy-2.3.2-2

Comment 2 Daniel Walsh 2007-03-28 20:04:31 UTC
Closing bugs


