Bug 198014 - cyrus imapd triggers selinux denials
cyrus imapd triggers selinux denials
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-07-07 21:51 EDT by Kirk Smith
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-28 16:04:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kirk Smith 2006-07-07 21:51:14 EDT
Under normal operation, selinux reports denial errors from cyrus imapd.

To eliminate all the errors, I installed the following policy:

----
module cyrus_local 1.0;

require {
        class netlink_route_socket { bind create getattr nlmsg_read read write };
        type cyrus_t;
        role system_r;
};

allow cyrus_t self:netlink_route_socket { bind create getattr nlmsg_read read
write };
----
I'm really not sure what the imapd program is doing here, but this makes it work
 better, without triggering selinux denials and apparently doing no additional
harm to the security of the system.

Kirk
Comment 1 Daniel Walsh 2006-07-11 10:22:22 EDT
Fixed in selinux-policy-2.3.2-2
Comment 2 Daniel Walsh 2007-03-28 16:04:31 EDT
Closing bugs

Note You need to log in before you can comment on or make changes to this bug.