Connecting to cyrus via sasl and mysql (pam-mysql.so - plugin)

Alexander Dalloz ad+lists at uni-x.org
Sat Jul 30 15:20:52 UTC 2005 

Am Sa, den 30.07.2005 schrieb Roger Grosswiler um 16:25:

> i cannot connect to my cyrus, whilst selinux enabled. Here the snip of
> my log:
> type=AVC msg=audit(1122733280.281:9657218): avc:  denied  { search } for
> pid=28898 comm="imapd" name="saslauthd" dev=dm-0 ino=262199
> scontext=root:system_r:cyrus_t
> tcontext=system_u:object_r:saslauthd_var_run_t tclass=dir
> type=SYSCALL msg=audit(1122733280.281:9657218): arch=40000003
> syscall=102 success=no exit=-13 a0=3 a1=bfd2e4b0 a2=dd0228 a3=bfd2e513
> items=1 pid=28898 auid=0 uid=76 gid=12 euid=76 suid=76 fsuid=76 egid=12
> sgid=12 fsgid=12 comm="imapd" exe="/usr/lib/cyrus-imapd/imapd"
> type=SOCKADDR msg=audit(1122733280.281:9657218):
> saddr=01002F7661722F72756E2F7361736C61757468642F6D75780000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> type=SOCKETCALL msg=audit(1122733280.281:9657218): nargs=3 a0=b
> a1=bfd308fa a2=6e
> type=PATH msg=audit(1122733280.281:9657218): item=0 flags=1
> inode=262199 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
> type=AVC msg=audit(1122733284.635:9659874): avc:  denied  { search } for
> pid=28898 comm="imapd" name="saslauthd" dev=dm-0 ino=262199
> scontext=root:system_r:cyrus_t
> tcontext=system_u:object_r:saslauthd_var_run_t tclass=dir
> type=SYSCALL msg=audit(1122733284.635:9659874): arch=40000003
> syscall=102 success=no exit=-13 a0=3 a1=bfd2e4b0 a2=dd0228 a3=bfd2e513
> items=1 pid=28898 auid=0 uid=76 gid=12 euid=76 suid=76 fsuid=76 egid=12
> sgid=12 fsgid=12 comm="imapd" exe="/usr/lib/cyrus-imapd/imapd"
> type=SOCKADDR msg=audit(1122733284.635:9659874):
> saddr=01002F7661722F72756E2F7361736C61757468642F6D75780000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> type=SOCKETCALL msg=audit(1122733284.635:9659874): nargs=3 a0=b
> a1=bfd308fa a2=6e
> type=PATH msg=audit(1122733284.635:9659874): item=0 flags=1
> inode=262199 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
> 
> 
> ...if selinux is in permissive mode, i can connect without any problem.
> cyrus is set to disabled btw.
> 
> Roger

Citing from the SELinux list:

<quote>
If you take the number after the ':' in the serial number and use
ausearch, you
can make this more understandable. Try:

ausearch -i -a 286451

See if that makes it easier to understand.
</quote>

In your case run:
ausearch -i -a 9657218
ausearch -i -a 9659874

Something broke with selinux-policy-targeted-1.25.3-6 update from last
Thursday? Did your setup run before?

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 17:17:51 up 14 days, 21:50, load average: 0.33, 0.29, 0.19 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050730/03f86701/attachment-0001.sig>

More information about the fedora-list mailing list