The following was filed automatically by setroubleshoot: Résumé: SELinux is preventing /usr/sbin/dovecot "getcap" access. Description détaillée: SELinux denied access requested by dovecot. It is not expected that this access is required by dovecot and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Informations complémentaires: Contexte source system_u:system_r:dovecot_t:s0 Contexte cible system_u:system_r:dovecot_t:s0 Objets du contexte None [ process ] source dovecot Chemin de la source /usr/sbin/dovecot Port <Inconnu> Hôte (removed) Paquetages RPM source dovecot-1.2.5-2.fc12 Paquetages RPM cible Politique RPM selinux-policy-3.6.32-11.fc12 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin catchall Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31.1-48.fc12.x86_64 #1 SMP Fri Sep 25 16:57:40 EDT 2009 x86_64 x86_64 Compteur d'alertes 7 Première alerte mar. 29 sept. 2009 19:45:02 CEST Dernière alerte mar. 29 sept. 2009 22:20:20 CEST ID local 91db61b6-a5b6-48fb-b351-7d326fff8207 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1254255620.913:9): avc: denied { getcap } for pid=1680 comm="dovecot" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=process node=(removed) type=SYSCALL msg=audit(1254255620.913:9): arch=c000003e syscall=125 success=no exit=-13 a0=f98834 a1=0 a2=7f34b1094e80 a3=7fff01feb790 items=0 ppid=1 pid=1680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dovecot" exe="/usr/sbin/dovecot" subj=system_u:system_r:dovecot_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-11.fc12,catchall,dovecot,dovecot_t,dovecot_t,process,getcap audit2allow suggests: #============= dovecot_t ============== allow dovecot_t self:process getcap;
I will add getcap and setcap Fixed in selinux-policy-3.6.32-12.fc12.noarch