Bug 248162 - Dovecot will not start with selinux-policy-targeted 2.6.4-26.fc7
Dovecot will not start with selinux-policy-targeted 2.6.4-26.fc7
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-13 11:27 EDT by Daniel Rowe
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-14 23:44:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daniel Rowe 2007-07-13 11:27:37 EDT
Description of problem:

Latest selinux policy stopping Dovecot from working. Dovecot will not load.

type=AVC msg=audit(1184340111.079:62): avc:  denied  { signull } for  pid=6808
comm="dovecot" scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:system_r:setroubleshootd_t:s0 tclass=process
type=SYSCALL msg=audit(1184340111.079:62): arch=c000003e syscall=62 success=no
exit=-13 a0=adb a1=0 a2=0 a3=0 items=0 ppid=6807 pid=6808 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dovecot"
exe="/usr/sbin/dovecot" subj=user_u:system_r:dovecot_t:s0 key=(null)

Version-Release number of selected component (if applicable):

selinux-policy.noarch                    2.6.4-26.fc7       
selinux-policy-targeted.noarch           2.6.4-26.fc7 

How reproducible:

Every time.

Steps to Reproduce:

1. service dovecot start

Actual results:

Dovecot fails to start with selinux deny in logs. 

Expected results:

Dovecot should be able to start.
Comment 1 Daniel Walsh 2007-07-13 11:47:30 EDT
Could you attach the audit.log.  This avc message you attached does not make any
sense.
Comment 2 Daniel Rowe 2007-07-14 23:44:06 EDT
I have tracked it down what this is. The new policy must have caused a relable
of the /var/run/dovecot/master.pid file or the /var/run/dovecot/master.pid file
became mislabled on the last lot of updates for some reason so Dovecot could not
remove it on shut down and restart. Dovecot didn't complain about the master.pid
file until I turned selinux to permissive. At which point it informed of the
stale pid file.

I turned enforcing mode back on and I manually deleted the
/var/run/dovecot/master.pid and now Dovecot runs fine.

Note You need to log in before you can comment on or make changes to this bug.