From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; fr-FR; rv:1.8.1.9) Gecko/20071105 Fedora/2.0.0.9-1.fc7 Firefox/2.0.0.9 Description of problem: Since I've upgraded to dovecot-1.0.7-16 on my F7 box, trying to access my mailboxes causes an selinux denial : SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "create" to <Unknown> (dovecot_auth_t). Version-Release number of selected component (if applicable): dovecot-1.0.7-16.fc7 How reproducible: Always Steps to Reproduce: 1. upgrade to dovecot-1.0.7-16.fc7 2. try to get your emails Actual Results: SELinux denial Expected Results: Should get my mails Additional info: sealert reports : Summary SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) "create" to <Unknown> (dovecot_auth_t). Detailed Description SELinux denied access requested by /usr/libexec/dovecot/dovecot-auth. It is not expected that this access is required by /usr/libexec/dovecot/dovecot- auth and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context user_u:system_r:dovecot_auth_t Target Context user_u:system_r:dovecot_auth_t Target Objects None [ netlink_audit_socket ] Affected RPM Packages dovecot-1.0.7-16.fc7 [application] Policy RPM selinux-policy-2.6.4-49.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name odysseus Platform Linux odysseus 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 20:47:39 EDT 2007 x86_64 x86_64 Alert Count 60 First Seen Tue Nov 13 07:22:47 2007 Last Seen Wed Nov 14 12:34:51 2007 Local ID b1686255-1b8a-49b1-a545-6ffc7202e13b Line Numbers Raw Audit Messages avc: denied { create } for comm="dovecot-auth" egid=0 euid=0 exe="/usr/libexec/dovecot/dovecot-auth" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=32064 scontext=user_u:system_r:dovecot_auth_t:s0 sgid=0 subj=user_u:system_r:dovecot_auth_t:s0 suid=0 tclass=netlink_audit_socket tcontext=user_u:system_r:dovecot_auth_t:s0 tty=(none) uid=0
I believe this is fixed in selinux-policy-2.6.4-57.fc7
It's possible, "unfortunately" I've switched to F8, so I cannot verify :-)