Description of problem: The cyrus imap server is denied when trying to create a networked lmtp socket. Apparently there is no rule allowing the access from "cyrus_t" to "reserved_port_t" for a "tcp_socket". The following lines are in audit.log. ########## type=AVC msg=audit(1155112259.877:16): avc: denied { name_bind } for pid=2487 comm="cyrus-master" src=24 scontext=system_u:system_r:cyrus_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1155112259.877:16): arch=c000003e syscall=49 success=no exit=-13 a0=25 a1=52fdc0 a2=1c a3=7fffd25f944c items=0 pid=2487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cyrus-master" exe="/usr/lib/cyrus-imapd/cyrus-master" subj=system_u:system_r:cyrus_t:s0 type=SOCKADDR msg=audit(1155112259.877:16): saddr=0A000018000000000000000000000000000000000000000000000000 type=AVC msg=audit(1155112259.877:17): avc: denied { name_bind } for pid=2487 comm="cyrus-master" src=24 scontext=system_u:system_r:cyrus_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1155112259.877:17): arch=c000003e syscall=49 success=no exit=-13 a0=25 a1=52fe20 a2=10 a3=7fffd25f944c items=0 pid=2487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cyrus-master" exe="/usr/lib/cyrus-imapd/cyrus-master" subj=system_u:system_r:cyrus_t:s0 type=SOCKADDR msg=audit(1155112259.877:17): saddr=02000018000000000000000000000000 ########## Version-Release number of selected component (if applicable): cyrus-imapd-2.3.1-2.6.fc5, kernel-2.6.17-1.2157_FC5, selinux-policy-targeted-2.3.3-8.fc5 Steps to Reproduce: Edit the configuration line in "/etc/cyrus.conf" for lmtp by removing the leading "#", thus uncommenting the line. Restart cyrus using "service cyrus-imapd restart" or reboot with cyrus-imapd enabled. "/var/log/maillog" shows the line "master[XXXX]: unable to create lmtp listener socket: Permission denied".
Fixed in selinux-policy-2.3.6-3.fc5
Closing bugs