Created attachment 313765 [details] SE Linux rules added to make both Exim & Dovecot work with above config. Description of problem: Unable to use dovecot auth inside of Exim Version-Release number of selected component (if applicable): dovecot-1.0.15-10.fc9.i386 exim-4.69-4.fc9.i386 selinux-policy-3.3.1-79.fc9.noarch SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 22 Policy from config file: targeted How reproducible: 100% Steps to Reproduce: 1. Install / configure FreeIPA 2. Add following to exim config begin authenticators gssapi: driver = dovecot server_advertise_condition = yes public_name = GSSAPI server_socket = /var/run/dovecot/auth-client 3. Uncomment the following lines in dovecot config socket listen { client { path = /var/run/dovecot/auth-client user = dovecot group = exim mode = 0660 } } Actual results: SELinux denies from both dovecot & exim Expected results: Auth via KRB5 ticket for IMAP & SMTP Additional info: Possibly a sebool would be nice to correct this, since not everyone is going to need this functionality. Attached local policy created to correct issue on my box.
These changes are good. Fixed in selinux-policy-3.3.1-85.fc9.noarch
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.