Bug 227335 - conflicting selinux contexts defined for dovecot files
Summary: conflicting selinux contexts defined for dovecot files
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: dovecot
Version: 7
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Janousek
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-05 12:46 UTC by Mark Knoop
Modified: 2014-01-21 22:57 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2008-01-04 14:07:15 UTC


Attachments (Terms of Use)

Description Mark Knoop 2007-02-05 12:46:16 UTC
Description of problem:
conflicting specifications defined for dovecot files

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-27.fc6
dovecot-1.0-1.1.rc15.fc6

How reproducible:
Very.

Steps to Reproduce:
1. Run an imap server with dovecot
2. Notice avc denials
3. Run `fixfiles relabel`
  
Actual results:
matchpathcon_filespec_add:  conflicting specifications for
/var/run/dovecot/login/ssl-parameters.dat and
/var/lib/dovecot/ssl-parameters.dat, using system_u:object_r:dovecot_var_run_t:s0.

The two files mentioned are hardlinks, yet the policy defines differing contexts. 

Additional info:
grep -e var.....dovecot /etc/selinux/targeted/contexts/files/file_contexts
/var/lib/dovecot(/.*)?  system_u:object_r:dovecot_var_lib_t:s0
/var/run/dovecot(-login)?(/.*)? system_u:object_r:dovecot_var_run_t:s0

See also bug 215722 for a similar problem with postfix.

Comment 1 Daniel Walsh 2007-02-05 20:02:10 UTC
Is this some kind of local customization?  Why would a Hard linked file be in
/var/run/dovecot directory.

If this is something you setup you could do the following to remove the problem

semanage fcontext -a -t dovecot_var_lib_t /var/run/dovecot/login/ssl-parameters.dat

If this is some kind of normal setup, I believe it is a bug in dovecot.

Comment 2 Timo Sirainen 2007-02-05 20:28:22 UTC
By default ssl-parameters.dat is created to /var/lib/dovecot/ and updated once a week, and from there it's 
hardlinked to /var/run/dovecot/ (or copied if hardlinking fails).

Comment 3 Mark Knoop 2007-02-06 09:58:25 UTC
Just confirming that this is a normal setup. 

Also wondered how far away selinux-policy-2.4.6-28 is for FC6?

Comment 4 Mark Knoop 2007-07-22 11:57:25 UTC
This is still here in f7:

selinux-policy-targeted-2.6.4-26.fc7
dovecot-1.0.1-12.fc7

Any idea yet whether this is a dovecot bug or an selinux bug?

Comment 5 Daniel Walsh 2007-07-23 13:14:39 UTC
Fixed in selinux-policy-2.6.4-29.fc7


Note You need to log in before you can comment on or make changes to this bug.