Description of problem: When trying to test kerberos configuration for cyrus-imap, I have found that saslauthd tries to open /etc/krb5.conf for writing, which is undesirable. Version-Release number of selected component (if applicable): cyrus-sasl-2.1.22-4 How reproducible: always Steps to Reproduce: Please see the bug #506717. Actual results: Jun 18 09:04:08 i386-5s-m1 setroubleshoot: SELinux is preventing saslauthd (saslauthd_t) "write" to ./krb5.conf (etc_t). For complete SELinux messages. run sealert -l 7ab49091-add8-438c-bd2f-d8d54bdc7f56 Expected results: (no errors) Additional info:
The problem is your krb5.conf file is mislabled. restorecon /etc/krb5.conf will fix it. The kerberos libraries run access checks on all of their config files which causes this bogus access. So in policy we dontaudit all attempts to write to /etc/krb5.conf, although we expect it to be labeled krb5_conf_t.