Description of problem:
The dovecot imap server is denied write access to users' Maildir which are automounted over NFS. setroubleshoot suggests "setsebool -P use_nfs_home_dirs=1" which has been done but makes no difference. Also setting "dovecot_disable_trans=1" does not make any difference.

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-30.el5
dovecot-1.0-1.2.rc15.el5
selinux-policy-targeted-2.4.6-30.el5

How reproducible:
Always

Steps to Reproduce:
1. Configure dovecot with mail_location = maildir:~/Maildir
2. NFS used to mount home directories on dovecot server: context is nfs_t
3. Use selinux in enforcing mode with policy targeted
4. setsebool -P use_nfs_home_dirs=1
5. Connect to dovecot server using a mail client and attempt to delete an email.

Actual results:
avc: denied { write } for comm="imap" dev=0:16 egid=600 euid=1000 exe="/usr/libexec/dovecot/imap" exit=-13 fsgid=600 fsuid=1000 gid=600 items=0 name="cur" pid=5500 scontext=user_u:system_r:dovecot_t:s0 sgid=600 subj=user_u:system_r:dovecot_t:s0 suid=1000 tclass=dir tcontext=system_u:object_r:nfs_t:s0 tty=(none) uid=1000

Expected results:
File to be moved to Trash

Additional info:
I am using NFS4 but get same behaviour with NFS3.
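Added example, not part of the original report: a small Python parser that reduces AVC denial records like the one above to (source type, target type, class, permission) tuples, so denials against nfs_t targets can be separated from unrelated ones when triaging. The function names and the second sample record are constructed for illustration.

```python
import re
from collections import Counter

# First record is the AVC message from the report; the second is constructed
# for contrast (a denial whose target is not NFS-labelled).
SAMPLE = [
    'avc: denied { write } for comm="imap" dev=0:16 egid=600 euid=1000 '
    'exe="/usr/libexec/dovecot/imap" exit=-13 fsgid=600 fsuid=1000 gid=600 '
    'items=0 name="cur" pid=5500 scontext=user_u:system_r:dovecot_t:s0 sgid=600 '
    'subj=user_u:system_r:dovecot_t:s0 suid=1000 tclass=dir '
    'tcontext=system_u:object_r:nfs_t:s0 tty=(none) uid=1000',
    'avc: denied { read write } for comm="imap" name="log" pid=5501 '
    'scontext=user_u:system_r:dovecot_t:s0 tclass=file '
    'tcontext=system_u:object_r:var_log_t:s0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
# key=value pairs; values are either double-quoted or a run of non-space chars
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one AVC denial; return None if the line is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    return {
        'perms': m.group(1).split(),
        'comm': fields.get('comm'),
        'name': fields.get('name'),
        'source': se_type(fields.get('scontext', '')),
        'target': se_type(fields.get('tcontext', '')),
        'tclass': fields.get('tclass'),
    }

def summarize(lines):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        for perm in rec['perms']:
            counts[(rec['source'], rec['target'], rec['tclass'], perm)] += 1
    return counts

def nfs_denials(lines):
    """Denial tuples whose target type is nfs_t, as in this report."""
    return sorted(k for k in summarize(lines) if k[1] == 'nfs_t')
```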
Fixed in selinux-policy-2.4.6-75
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Could you try the new policy available at the link below and reply whether the new packages solve your problem. http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
Seems to be fixed in 2.4.6-98 - thanks
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0544.html