Description of problem: conflicting specifications defined for dovecot files Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-27.fc6 dovecot-1.0-1.1.rc15.fc6 How reproducible: Very. Steps to Reproduce: 1. Run an imap server with dovecot 2. Notice avc denials 3. Run `fixfiles relabel` Actual results: matchpathcon_filespec_add: conflicting specifications for /var/run/dovecot/login/ssl-parameters.dat and /var/lib/dovecot/ssl-parameters.dat, using system_u:object_r:dovecot_var_run_t:s0. The two files mentioned are hardlinks, yet the policy defines differing contexts. Additional info: grep -e var.....dovecot /etc/selinux/targeted/contexts/files/file_contexts /var/lib/dovecot(/.*)? system_u:object_r:dovecot_var_lib_t:s0 /var/run/dovecot(-login)?(/.*)? system_u:object_r:dovecot_var_run_t:s0 See also bug 215722 for a similar problem with postfix.
Is this some kind of local customization? Why would a Hard linked file be in /var/run/dovecot directory. If this is something you setup you could do the following to remove the problem semanage fcontext -a -t dovecot_var_lib_t /var/run/dovecot/login/ssl-parameters.dat If this is some kind of normal setup, I believe it is a bug in dovecot.
By default ssl-parameters.dat is created to /var/lib/dovecot/ and updated once a week, and from there it's hardlinked to /var/run/dovecot/ (or copied if hardlinking fails).
Just confirming that this is a normal setup. Also wondered how far away selinux-policy-2.4.6-28 is for FC6?
This is still here in f7: selinux-policy-targeted-2.6.4-26.fc7 dovecot-1.0.1-12.fc7 Any idea yet whether this is a dovecot bug or an selinux bug?
Fixed in selinux-policy-2.6.4-29.fc7