Description of problem:

Configuration : postfix + amavisd + dovecot + dovecot-lda + sqlgrey

Connected on this remote virtual machine running mail server using Virtual Manager.
This message concerns my current connection to this server. Everything seems to work normally except this message that appears periodically.

NOTES :
ls -lZ /sys/fs/fuse/connections gives back :
system_u:object_r:fusefs_t:s0
even after /sbin/restorecon -v /sys/fs/fuse/connections command

I guess this is only a misfit between what SELinux is waiting for and the default policy

Best Regards

Additional info:
libreport version: 2.0.18
kernel: 3.7.3-101.fc17.x86_64

description:
:SELinux is preventing /usr/libexec/dovecot/dovecot-lda from 'getattr' accesses on the directory /sys/fs/fuse/connections.
:
:***** Plugin restorecon (99.5 confidence) suggests *************************
:
:If you want to fix the label.
:/sys/fs/fuse/connections default label should be sysfs_t.
:Then you can run restorecon.
:Do
:# /sbin/restorecon -v /sys/fs/fuse/connections
:
:***** Plugin catchall (1.49 confidence) suggests ***************************
:
:If you believe that dovecot-lda should be allowed getattr access on the connections directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep deliver /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:dovecot_deliver_t:s0
:Target Context                system_u:object_r:fusefs_t:s0
:Target Objects                /sys/fs/fuse/connections [ dir ]
:Source                        deliver
:Source Path                   /usr/libexec/dovecot/dovecot-lda
:Port                          <Inconnu>
:Host                          (removed)
:Source RPM Packages           dovecot-2.1.13-1.fc17.x86_64
:Target RPM Packages
:Policy RPM                    selinux-policy-3.10.0-166.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.7.3-101.fc17.x86_64 #1 SMP Fri
:                              Jan 18 17:40:57 UTC 2013 x86_64 x86_64
:Alert Count                   1
:First Seen                    2013-01-31 13:43:10 CET
:Last Seen                     2013-01-31 13:43:10 CET
:Local ID                      ad15c30f-fe35-4c8e-8746-315e438d7243
:
:Raw Audit Messages
:type=AVC msg=audit(1359636190.758:390): avc: denied { getattr } for pid=3442 comm="deliver" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1359636190.758:390): arch=x86_64 syscall=stat success=no exit=EACCES a0=ee0cd8 a1=7fff033e3a90 a2=7fff033e3a90 a3=0 items=0 ppid=3441 pid=3442 auid=4294967295 uid=5000 gid=5000 euid=5000 suid=5000 fsuid=5000 egid=5000 sgid=5000 fsgid=5000 ses=4294967295 tty=(none) comm=deliver exe=/usr/libexec/dovecot/dovecot-lda subj=system_u:system_r:dovecot_deliver_t:s0 key=(null)
:
:Hash: deliver,dovecot_deliver_t,fusefs_t,dir,getattr
:
:audit2allow
:
:#============= dovecot_deliver_t ==============
:#!!!! This avc can be allowed using the boolean 'use_fusefs_home_dirs'
:
:allow dovecot_deliver_t fusefs_t:dir getattr;
:
:audit2allow -R
:
:#============= dovecot_deliver_t ==============
:#!!!! This avc can be allowed using the boolean 'use_fusefs_home_dirs'
:
:allow dovecot_deliver_t fusefs_t:dir getattr;
:
Created attachment 691134
File: type

Created attachment 691135
File: hashmarkername

You will need to turn on the use_fusefs_home_dirs boolean.

# setsebool -P use_fusefs_home_dirs 1