This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 434843 - IMAP server "dovecot" policy fix
IMAP server "dovecot" policy fix
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.0
All Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-25 14:56 EST by Stefan Schulze Frielinghaus
Modified: 2008-05-21 12:07 EDT (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2008-0465
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 12:07:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
dovecot file context (532 bytes, patch)
2008-02-25 14:56 EST, Stefan Schulze Frielinghaus
no flags Details | Diff
dovecot interface changes (726 bytes, patch)
2008-02-25 14:57 EST, Stefan Schulze Frielinghaus
no flags Details | Diff
init.te patch (561 bytes, patch)
2008-02-25 14:57 EST, Stefan Schulze Frielinghaus
no flags Details | Diff

  None (edit)
Description Stefan Schulze Frielinghaus 2008-02-25 14:56:25 EST
Description of problem:
The imap server "dovecot" uses a hard link which does not conform with the
SELinux strict/mls policy. The attached patch should solve the problem and was
merged into refpolicy-trunk (today). I'm not sure if the patch will work on the
RedHat policy tree but it is not too big and can be merged easily by hand.

For reference:
http://marc.info/?l=selinux&m=118830456207512&w=2
http://marc.info/?l=selinux&m=120379039220753&w=2

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Stefan Schulze Frielinghaus 2008-02-25 14:56:25 EST
Created attachment 295832 [details]
dovecot file context
Comment 2 Stefan Schulze Frielinghaus 2008-02-25 14:57:09 EST
Created attachment 295834 [details]
dovecot interface changes
Comment 3 Stefan Schulze Frielinghaus 2008-02-25 14:57:58 EST
Created attachment 295835 [details]
init.te patch
Comment 4 Daniel Walsh 2008-02-26 10:35:17 EST
The FC fix is already in selinux-policy-2.4.6-121.el5

The other fixes might have to wait for U3, since it is currently frozen

Fixed in selinux-policy-2.4.6-124.el5
Comment 5 RHEL Product and Program Management 2008-03-05 17:07:49 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 10 Eduard Benes 2008-04-14 09:06:44 EDT
Stefan, you can try the new policy available here:

  http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
Comment 12 errata-xmlrpc 2008-05-21 12:07:12 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0465.html

Note You need to log in before you can comment on or make changes to this bug.