This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 248162 - Dovecot will not start with selinux-policy-targeted 2.6.4-26.fc7
Dovecot will not start with selinux-policy-targeted 2.6.4-26.fc7
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2007-07-13 11:27 EDT by Daniel Rowe
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-07-14 23:44:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)

  None (edit)
Description Daniel Rowe 2007-07-13 11:27:37 EDT
Description of problem:

Latest selinux policy stopping Dovecot from working. Dovecot will not load.

type=AVC msg=audit(1184340111.079:62): avc:  denied  { signull } for  pid=6808
comm="dovecot" scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:setroubleshootd_t:s0 tclass=process
type=SYSCALL msg=audit(1184340111.079:62): arch=c000003e syscall=62 success=no
exit=-13 a0=adb a1=0 a2=0 a3=0 items=0 ppid=6807 pid=6808 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dovecot"
exe="/usr/sbin/dovecot" subj=user_u:system_r:dovecot_t:s0 key=(null)

Version-Release number of selected component (if applicable):

selinux-policy.noarch                    2.6.4-26.fc7       
selinux-policy-targeted.noarch           2.6.4-26.fc7 

How reproducible:

Every time.

Steps to Reproduce:

1. service dovecot start

Actual results:

Dovecot fails to start with selinux deny in logs. 

Expected results:

Dovecot should be able to start.
Comment 1 Daniel Walsh 2007-07-13 11:47:30 EDT
Could you attach the audit.log.  This avc message you attached does not make any
Comment 2 Daniel Rowe 2007-07-14 23:44:06 EDT
I have tracked it down what this is. The new policy must have caused a relable
of the /var/run/dovecot/ file or the /var/run/dovecot/ file
became mislabled on the last lot of updates for some reason so Dovecot could not
remove it on shut down and restart. Dovecot didn't complain about the
file until I turned selinux to permissive. At which point it informed of the
stale pid file.

I turned enforcing mode back on and I manually deleted the
/var/run/dovecot/ and now Dovecot runs fine.

Note You need to log in before you can comment on or make changes to this bug.