Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 227335 - conflicting selinux contexts defined for dovecot files
conflicting selinux contexts defined for dovecot files
Product: Fedora
Classification: Fedora
Component: dovecot (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Janousek
Depends On:
  Show dependency treegraph
Reported: 2007-02-05 07:46 EST by Mark Knoop
Modified: 2014-01-21 17:57 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-04 09:07:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark Knoop 2007-02-05 07:46:16 EST
Description of problem:
conflicting specifications defined for dovecot files

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run an imap server with dovecot
2. Notice avc denials
3. Run `fixfiles relabel`
Actual results:
matchpathcon_filespec_add:  conflicting specifications for
/var/run/dovecot/login/ssl-parameters.dat and
/var/lib/dovecot/ssl-parameters.dat, using system_u:object_r:dovecot_var_run_t:s0.

The two files mentioned are hardlinks, yet the policy defines differing contexts. 

Additional info:
grep -e var.....dovecot /etc/selinux/targeted/contexts/files/file_contexts
/var/lib/dovecot(/.*)?  system_u:object_r:dovecot_var_lib_t:s0
/var/run/dovecot(-login)?(/.*)? system_u:object_r:dovecot_var_run_t:s0

See also bug 215722 for a similar problem with postfix.
Comment 1 Daniel Walsh 2007-02-05 15:02:10 EST
Is this some kind of local customization?  Why would a Hard linked file be in
/var/run/dovecot directory.

If this is something you setup you could do the following to remove the problem

semanage fcontext -a -t dovecot_var_lib_t /var/run/dovecot/login/ssl-parameters.dat

If this is some kind of normal setup, I believe it is a bug in dovecot.
Comment 2 Timo Sirainen 2007-02-05 15:28:22 EST
By default ssl-parameters.dat is created to /var/lib/dovecot/ and updated once a week, and from there it's 
hardlinked to /var/run/dovecot/ (or copied if hardlinking fails).
Comment 3 Mark Knoop 2007-02-06 04:58:25 EST
Just confirming that this is a normal setup. 

Also wondered how far away selinux-policy-2.4.6-28 is for FC6?
Comment 4 Mark Knoop 2007-07-22 07:57:25 EDT
This is still here in f7:


Any idea yet whether this is a dovecot bug or an selinux bug?
Comment 5 Daniel Walsh 2007-07-23 09:14:39 EDT
Fixed in selinux-policy-2.6.4-29.fc7

Note You need to log in before you can comment on or make changes to this bug.