Description of problem: The imap server "dovecot" uses a hard link which does not conform with the SELinux strict/mls policy. The attached patch should solve the problem and was merged into refpolicy-trunk (today). I'm not sure if the patch will work on the RedHat policy tree but it is not too big and can be merged easily by hand. For reference: http://marc.info/?l=selinux&m=118830456207512&w=2 http://marc.info/?l=selinux&m=120379039220753&w=2 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 295832 [details] dovecot file context
Created attachment 295834 [details] dovecot interface changes
Created attachment 295835 [details] init.te patch
The FC fix is already in selinux-policy-2.4.6-121.el5 The other fixes might have to wait for U3, since it is currently frozen Fixed in selinux-policy-2.4.6-124.el5
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
Stefan, you can try the new policy available here: http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html