Created attachment 588563 [details] selinux dovecot imap alert details Description of problem: selinux is preventing dovecot-imap from accessing Maildir. Version-Release number of selected component (if applicable): 3.10.0-125 How reproducible: Always. Steps to Reproduce: 1. Start dovecot imap 2. Wait 3. Actual results: selinux security alerts Expected results: No alerts Additional info: selinux is preventing various accesses: getattr, open, etc etc I've changed to permissive mode to allow it all to work. Attached are some example details.
Fixed in selinux-policy-3.10.0-129.fc17
Thanks.
selinux-policy-3.10.0-130.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-130.fc17
3.10.0-130 is OK as it goes, but I am now getting selinux failures for dovecot-imap on dovecot-uidlist.lock (unlink, add_name, remove_name, create), dovecot.index.log (write), and dovecot-uidlist.tmp (rename). Attempting to install a policy for these gives the error: libsepol.print_missing_requirements: dovecot's global requirements were not met: type/attribute dovecot_t (No such file or directory).
Could you add AVC msgs?
Created attachment 591175 [details] selinux dovecot imap alert details Attached as requested.
9e1b6760c12b739877b0a6ca70eb77290132a66c should fix this.
Fixed in selinux-policy-3.10.0-131.fc17
Package selinux-policy-3.10.0-130.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-130.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-9520/selinux-policy-3.10.0-130.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-130.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.