cyrus-imapd fails when selinux is in enforcing mode because it fails to read /etc/krb5.conf type=AVC msg=audit(1173921130.084:9582): avc: denied { getattr } for pid=12595 comm="imapd" name="krb5.conf" dev=dm-0 ino=101248 scontext=root:system_r:cyrus_t:s0 tcontext=system_u:object_r:krb5_conf_t:s0 tclass=file type=SYSCALL msg=audit(1173921130.084:9582): arch=c000003e syscall=4 success=no exit=-13 a0=5555559db7b0 a1=7fff301a2630 a2=7fff301a2630 a3=555555907a80 items=0 ppid=12534 pid=12595 auid=0 uid=76 gid=12 euid=76 suid=76 fsuid=76 egid=12 sgid=12 fsgid=12 tty=(none) comm="imapd" exe="/usr/lib/cyrus-imapd/imapd" subj=root:system_r:cyrus_t:s0 key=(null) type=AVC_PATH msg=audit(1173921130.084:9582): path="/etc/krb5.conf" A module like the following fixes the problem. module mycyrusimapd 1.0.0; require { class dir search; class file { read getattr }; type cyrus_t; type krb5_conf_t; role system_r; }; allow cyrus_t krb5_conf_t:file read; allow cyrus_t krb5_conf_t:file getattr;
Fixed in selinux-policy-2.4.6-46
Thanks.