SELinux won't let dovecot connect to postgresql

Roland Roberts roland at astrofoto.org
Sun Nov 29 04:35:56 UTC 2009 

I'm running Fedora 11 x86_64 with the dovecot and dovecot-pgsql RPMs 
installed.  I have a small user database set up for email authentication. 

The issue I'm having is that when I am in enforcing mode, dovecot can't 
connect to the database.  Turning off enforcing mode lets it work.  I'm 
having trouble diagnosing where the denial is taking place as I don't 
see any avc messages in /var/log/messages that relate to dovecot.  The 
only messages I'm getting are in /var/log/maillog from dovecot like this:

Nov 28 22:23:11 fred dovecot: auth(default): pgsql: Connect failed to 
maildb: could not connect to server: Permission denied
Nov 28 22:23:11 fred dovecot: auth(default): #011Is the server running 
on host "fred.flinstone.org" and accepting
Nov 28 22:23:11 fred dovecot: auth(default): #011TCP/IP connections on 
port 5432?

The answer to the questions is "yes" it is running and accepting 
connections.  Whether or not enforcing mode is on, when logged in, I can 
connect to the database via

$ psql -h fred.flinstone.org maildb

I *think* this is a result of updating on Nov 18.  I have not changed 
the default selinux mode since the host was set up back in September.  
At that point, I set it to enforcing mode after working out a few 
issues.  On Nov 18, a lot of things were updated, but among there were

Nov 18 10:00:02 Updated: kernel-firmware-2.6.30.9-96.fc11.noarch
Nov 18 10:00:15 Updated: kernel-headers-2.6.30.9-96.fc11.x86_64
Nov 18 10:00:28 Installed: kernel-devel-2.6.30.9-96.fc11.x86_64
Nov 18 10:01:30 Installed: kernel-2.6.30.9-96.fc11.x86_64
Nov 18 10:02:01 Updated: selinux-policy-3.6.12-86.fc11.noarch
Nov 18 10:02:46 Updated: selinux-policy-targeted-3.6.12-86.fc11.noarch

Today, I did another update, hoping it would cure the problem and got 
these revisions

Nov 28 10:57:33 Updated: selinux-policy-3.6.12-88.fc11.noarch
Nov 28 10:57:47 Updated: selinux-policy-targeted-3.6.12-88.fc11.noarch

but the behavior is unchanged, I still have to turn off enforcing mode.

Any clues on what I need to do to get this to work?  Or where to look 
for clues since, as I mentioned, I can't even find log entries that 
would clue me in.

roland

-- 
		       PGP Key ID: 66 BC 3B CD
Roland B. Roberts, PhD                             RL Enterprises
roland at rlenter.com                            6818 Madeline Court
roland at astrofoto.org                           Brooklyn, NY 11220

More information about the fedora-selinux-list mailing list