Description of problem:
Dovecot and Postfix using LMTP to deliver emails gives AVC denials:

type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=dir
type=AVC msg=audit(1313879594.357:17253): avc: denied { search } for pid=16163 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=dir
type=AVC msg=audit(1313879594.357:17253): avc: denied { write } for pid=16163 comm="lmtp" name="lmtp" dev=vda1 ino=1044671 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:dovecot_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1313879594.357:17253): avc: denied { connectto } for pid=16163 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:system_r:dovecot_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1313879594.357:17253): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff30c63870 a2=6e a3=7fff30c63510 items=0 ppid=16100 pid=16163 auid=0 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=25 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-3.9.7-44.fc14.noarch
selinux-policy-targeted-3.9.7-44.fc14.noarch

How reproducible:
Always

Steps to Reproduce:
1. Postfix configuration:
mailbox_transport = lmtp:unix:/var/run/dovecot/lmtp
2. Dovecot configuration:
service lmtp {
  unix_listener lmtp {
    mode = 0660
    group = postfix
    user = postfix
  }
}
3. Receive an email

Actual results:
selinux denials

Expected results:
No selinux denials

Additional info:
Message from Dominick Grift on selinux list to solve it:

mkdir ~/mypostfix; cd ~/mypostfix;
echo "policy_module(mypostfix, 1.0.0)
optional_policy(\`
gen_require(\`
type postfix_smtp_t;
')
dovecot_stream_connect(postfix_smtp_t)
')" > mypostfix.te;
make -f /usr/share/selinux/devel/Makefile mypostfix.pp
sudo semodule -i mypostfix.pp
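Added example, not part of the original report or of any SELinux tool: a small parser that groups the audit records quoted in the report by source type, target type and object class, so the accesses that lmtp was denied can be read at a glance and compared with what a policy change is meant to cover. The function names are assumptions made for this illustration; the log lines are the ones from the report, with the line-wrap space in the first record repaired.

```python
import re
from collections import defaultdict

# Audit records copied from the report above.
AUDIT_LOG = """\
type=AVC msg=audit(1314483455.100:17918): avc: denied { search } for pid=6665 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=dir
type=AVC msg=audit(1313879594.357:17253): avc: denied { search } for pid=16163 comm="lmtp" name="dovecot" dev=vda1 ino=1051484 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dovecot_var_run_t:s0 tclass=dir
type=AVC msg=audit(1313879594.357:17253): avc: denied { write } for pid=16163 comm="lmtp" name="lmtp" dev=vda1 ino=1044671 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:dovecot_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1313879594.357:17253): avc: denied { connectto } for pid=16163 comm="lmtp" path="/var/run/dovecot/lmtp" scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:system_r:dovecot_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1313879594.357:17253): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff30c63870 a2=6e a3=7fff30c63510 items=0 ppid=16100 pid=16163 auid=0 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=25 comm="lmtp" exe="/usr/libexec/postfix/lmtp" subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)
"""

# Permissions inside the braces, then the two contexts and the object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
)

def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if match is None:  # SYSCALL and other non-AVC records
            continue
        key = (se_type(match["src"]), se_type(match["tgt"]), match["cls"])
        denials[key].update(match["perms"].split())
    return dict(denials)

def allow_rules(denials):
    """Render the grouped denials as allow-rule text for review."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {text};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(summarize(AUDIT_LOG))))
```

The user and role fields differ between records (system_u and unconfined_u), but only the type field matters for type enforcement, which is why the two search denials collapse into one entry.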
Fixed in selinux-policy-3.9.7-45.fc14
(In reply to comment #1)
> Fixed in selinux-policy-3.9.7-45.fc14

It certainly is :)
selinux-policy-3.9.7-46.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-46.fc14
Package selinux-policy-3.9.7-46.fc14:
* should fix your issue,
* was pushed to the Fedora 14 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.7-46.fc14'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-14734
then log in and leave karma (feedback).
selinux-policy-3.9.7-46.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.