Under normal operation, selinux reports denial errors from cyrus imapd. To eliminate all the errors, I installed the following policy: ---- module cyrus_local 1.0; require { class netlink_route_socket { bind create getattr nlmsg_read read write }; type cyrus_t; role system_r; }; allow cyrus_t self:netlink_route_socket { bind create getattr nlmsg_read read write }; ---- I'm really not sure what the imapd program is doing here, but this makes it work better, without triggering selinux denials and apparently doing no additional harm to the security of the system. Kirk
Fixed in selinux-policy-2.3.2-2
Closing bugs