Bug 248162 - Dovecot will not start with selinux-policy-targeted 2.6.4-26.fc7
Summary: Dovecot will not start with selinux-policy-targeted 2.6.4-26.fc7
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 7
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2007-07-13 15:27 UTC by Daniel Rowe
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-07-15 03:44:06 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Daniel Rowe 2007-07-13 15:27:37 UTC
Description of problem:

Latest selinux policy stopping Dovecot from working. Dovecot will not load.

type=AVC msg=audit(1184340111.079:62): avc:  denied  { signull } for  pid=6808
comm="dovecot" scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:setroubleshootd_t:s0 tclass=process
type=SYSCALL msg=audit(1184340111.079:62): arch=c000003e syscall=62 success=no
exit=-13 a0=adb a1=0 a2=0 a3=0 items=0 ppid=6807 pid=6808 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dovecot"
exe="/usr/sbin/dovecot" subj=user_u:system_r:dovecot_t:s0 key=(null)

Version-Release number of selected component (if applicable):

selinux-policy.noarch                    2.6.4-26.fc7       
selinux-policy-targeted.noarch           2.6.4-26.fc7 

How reproducible:

Every time.

Steps to Reproduce:

1. service dovecot start

Actual results:

Dovecot fails to start with selinux deny in logs. 

Expected results:

Dovecot should be able to start.

Comment 1 Daniel Walsh 2007-07-13 15:47:30 UTC
Could you attach the audit.log.  This avc message you attached does not make any

Comment 2 Daniel Rowe 2007-07-15 03:44:06 UTC
I have tracked it down what this is. The new policy must have caused a relable
of the /var/run/dovecot/master.pid file or the /var/run/dovecot/master.pid file
became mislabled on the last lot of updates for some reason so Dovecot could not
remove it on shut down and restart. Dovecot didn't complain about the master.pid
file until I turned selinux to permissive. At which point it informed of the
stale pid file.

I turned enforcing mode back on and I manually deleted the
/var/run/dovecot/master.pid and now Dovecot runs fine.

Note You need to log in before you can comment on or make changes to this bug.