Description of problem:
SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "read" to /sbin/unix_update (updpwd_exec_t).

Version-Release number of selected component (if applicable):
selinux-policy-2.6.4-14.fc7
libselinux-2.0.13-1.fc7
selinux-policy-targeted-2.6.4-14.fc7
libselinux-devel-2.0.13-1.fc7
libselinux-python-2.0.13-1.fc7
dovecot-1.0.0-11.fc7

How reproducible:
Setting SELinux to enforcing causes dovecot to not allow logins. Setting SELinux to permissive allows logins. This started after upgrading on June 18. The previous version of SELinux policy was selinux-policy.noarch 2.6.4-13.fc7.

Additional info:
I've used audit2allow to create policies that should correct this, but without success. With the modules in place, I still get messages such as this:
type=USER_AUTH msg=audit(1182262859.537:329): user pid=8856 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=tlmartin : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=success)'
type=USER_ACCT msg=audit(1182262859.537:330): user pid=8856 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: accounting acct=tlmartin : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=failed)'
Fixed in selinux-policy-2.6.4-17
I'm on
dovecot-1.0.0-11.fc7
selinux-policy-2.6.4-14.fc7
selinux-policy-targeted-2.6.4-14.fc7
and I've got a very similar problem:
SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "execute" to unix_update (updpwd_exec_t)
Will 2.6.4-17 fix this as well? Thanks.
21 will and it was just released.
Hi, I am getting the same:
type=USER_AUTH msg=audit(1182775569.327:10269): user pid=6361 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=bart : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=failed)'
selinux-policy-2.6.4-14.fc7
selinux-policy-targeted-2.6.4-14.fc7
I've loaded selinux-policy-targeted-2.6.4-21.fc7 from testing and can confirm this fixes the problem. Thanks.
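Added example, not part of the original report or of any project named in it: a small Python triage script that pairs USER_AUTH and USER_ACCT audit records of the kind quoted in the report and lists sessions where PAM authentication succeeded but the accounting stage failed, together with the SELinux domain of the process. The sample records are constructed (account names, PIDs and serial numbers are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records, modeled on the record format quoted in the report.
SAMPLE = """\
type=USER_AUTH msg=audit(1182262859.537:329): user pid=8856 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=alice : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=success)'
type=USER_ACCT msg=audit(1182262859.537:330): user pid=8856 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: accounting acct=alice : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=failed)'
type=USER_AUTH msg=audit(1182262901.112:341): user pid=8860 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=bob : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=failed)'
"""

RECORD = re.compile(
    r"type=(?P<type>USER_AUTH|USER_ACCT) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):"
    r".*?pid=(?P<pid>\d+).*?subj=(?P<subj>\S+)"
    r".*?acct=(?P<acct>\S+).*?exe=\"(?P<exe>[^\"]+)\".*?res=(?P<res>\w+)"
)

def parse(text):
    """Yield one dict per USER_AUTH / USER_ACCT record; skip other lines."""
    for line in text.splitlines():
        m = RECORD.search(line)
        if m:
            yield m.groupdict()

def auth_ok_acct_failed(text):
    """Return (acct, SELinux type, exe) for sessions where PAM authentication
    succeeded but the accounting stage then failed in the same process."""
    stages = defaultdict(dict)
    for r in parse(text):
        stages[(r["pid"], r["acct"], r["subj"], r["exe"])][r["type"]] = r["res"]
    hits = []
    for (pid, acct, subj, exe), s in stages.items():
        if s.get("USER_AUTH") == "success" and s.get("USER_ACCT") == "failed":
            # subj is user:role:type:level; the type is the confined domain
            hits.append((acct, subj.split(":")[2], exe))
    return hits

if __name__ == "__main__":
    for acct, domain, exe in auth_ok_acct_failed(SAMPLE):
        print(f"{acct}: auth ok, accounting failed in {domain} ({exe})")
```

A session that passes authentication and fails accounting under a confined domain, as in the first pair above, is a cue to check the AVC denials logged for that domain before assuming a bad password.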