dovecot wants to access squid cache dir

Vikram Goyal vikigoyal at gmail.com
Sat Mar 10 13:28:39 UTC 2007


Hello,

I am using FC6. Running selinux in targeted mode.

selinux-policy-targeted-2.4.6-41
dovecot-1.0-1.1.rc15.fc6

Using dovecot I get the following audit messages.
----------------------------------------------------------------
type=USER_AUTH msg=audit(1173532461.741:31): user pid=14121 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=vikram : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=success)'
type=USER_ACCT msg=audit(1173532461.753:32): user pid=14121 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: accounting acct=vikram : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=success)'
type=AVC msg=audit(1173532461.781:33): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda6 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
type=SYSCALL msg=audit(1173532461.781:33): arch=40000003 syscall=195 success=no exit=-13 a0=8f6a942 a1=bfff2068 a2=a5bff4 a3=8f6a94d items=0 ppid=14104 pid=14124 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=500 sgid=0 fsgid=500 tty=(none) comm="dovecot" exe="/usr/sbin/dovecot" subj=user_u:system_r:dovecot_t:s0 key=(null)
type=AVC_PATH msg=audit(1173532461.781:33):  path="/usr/sbin"
type=AVC msg=audit(1173532461.785:34): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda11 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:squid_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1173532461.785:34): arch=40000003 syscall=195 success=no exit=-13 a0=8f6a943 a1=bfff2068 a2=a5bff4 a3=8f6a955 items=0 ppid=14104 pid=14124 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=500 sgid=0 fsgid=500 tty=(none) comm="dovecot" exe="/usr/sbin/dovecot" subj=user_u:system_r:dovecot_t:s0 key=(null)
type=AVC_PATH msg=audit(1173532461.785:34):  path="/var/spool/squid"
----------------------------------------------------------------

The advice audit2allow gives me:

[root@fc6host ~]# audit2allow
allow dovecot_t sbin_t:dir getattr;
allow dovecot_t squid_cache_t:dir getattr;

I have allowed it for now but I'm not sure.

Please advise.

Thanks!
-- 
vikram...
         ||||||||
         ||||||||
^^'''''^^||root||^^^'''''''^^
        // \\   ))
       //(( \\// \\
      // /\\ ||   \\
     || / )) ((    \\
-- 
DISCLAIMER:
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.
-- 
 .
 -
~|~
 =
Registered Linux User #285795
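
Added example, not part of the original post: a Python sketch that joins each AVC record above with its AVC_PATH record by audit event id, so the rule audit2allow suggests can be reviewed next to the path and device it would cover. The function names are hypothetical, the sample is the post's own AVC and AVC_PATH lines, and reading name="/" as "root directory of the filesystem on that device" is this example's interpretation.

```python
import re
from collections import defaultdict

# Sample input: the AVC and AVC_PATH records quoted in the post (SYSCALL lines left out).
SAMPLE = '''\
type=AVC msg=audit(1173532461.781:33): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda6 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
type=AVC_PATH msg=audit(1173532461.781:33):  path="/usr/sbin"
type=AVC msg=audit(1173532461.785:34): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda11 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:squid_cache_t:s0 tclass=dir
type=AVC_PATH msg=audit(1173532461.785:34):  path="/var/spool/squid"
'''

HEAD = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
PERMS = re.compile(r'denied\s+\{ ([^}]+) \}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Join each AVC record with the AVC_PATH record sharing its audit event id."""
    events = defaultdict(dict)
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        rtype, event_id = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        perms = PERMS.search(line)
        if rtype == 'AVC' and perms:
            fields['perms'] = perms.group(1).split()
            events[event_id].update(fields)
        elif rtype == 'AVC_PATH':
            events[event_id]['path'] = fields.get('path')
    # Drop events that carried a path but no denial.
    return [e for e in events.values() if 'perms' in e]

def summarize(denial):
    """Return the candidate allow rule plus the context needed to review it."""
    src = denial['scontext'].split(':')[2]   # the type is the third context field
    tgt = denial['tcontext'].split(':')[2]
    perms = ' '.join(denial['perms'])
    if len(denial['perms']) > 1:
        perms = '{ %s }' % perms
    rule = 'allow %s %s:%s %s;' % (src, tgt, denial['tclass'], perms)
    # Interpretation: name="/" marks the root directory of the filesystem on `dev`.
    return {'rule': rule, 'path': denial.get('path'),
            'dev': denial.get('dev'), 'fs_root': denial.get('name') == '/'}

if __name__ == '__main__':
    for d in parse_denials(SAMPLE):
        print(summarize(d))
```

Both denials come out with fs_root set: the getattr calls hit the top directory of the filesystems on sda6 and sda11, seen at /usr/sbin and /var/spool/squid, rather than any file inside them.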



