selinux-policy-targeted 1.25.4-10 and dovecot

Paul Howarth paul at
Tue Aug 30 15:02:11 UTC 2005

I notice in the changelog that a recent change was:

* Wed Aug 17 2005 Dan Walsh <dwalsh at> 1.25.4-4
- Add more access for amanda
- Allow dovecot to create files in mail_spool_t

Having installed the updated policy this morning, I found I had to add a 
local rule:

allow dovecot_t mail_spool_t:file write;

This is needed to allow dovecot to delete mail from the mail spool file 
(I use dovecot in pop3 mode). I'm surprised this wasn't the default - is 
there a good reason why it isn't?

Cheers, Paul.

P.S. there is still a problem with pptp - in pppd.fc

# Fix pptp sockets
/var/run/pptp(/.*)?	--	system_u:object_r:pptp_var_run_t

should read:

# Fix pptp sockets
/var/run/pptp(/.*)?		system_u:object_r:pptp_var_run_t

because /var/run/pptp is a directory and the items in that directory 
should be sockets, not regular files.
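
The P.S. turns on the file-type column of a file-contexts entry. The following Python model is an added example, not part of the original message or of the policy sources; it shows how `--` limits an entry to regular files. The helper names and the sample object names under /var/run/pptp are constructed for illustration, and Python's `re` stands in for the POSIX regex matching that the real labeling tools use.

```python
import re
import stat

# Second-column file-type specifiers in a .fc entry; no specifier means any type.
FC_TYPES = {"--": stat.S_IFREG, "-d": stat.S_IFDIR, "-s": stat.S_IFSOCK,
            "-l": stat.S_IFLNK, "-p": stat.S_IFIFO, "-c": stat.S_IFCHR,
            "-b": stat.S_IFBLK}

def parse_fc_line(line):
    """Return (compiled path regex, required S_IF* type or None, context)."""
    fields = line.split()
    if len(fields) == 3 and fields[1] in FC_TYPES:
        return re.compile(fields[0]), FC_TYPES[fields[1]], fields[2]
    if len(fields) == 2:
        return re.compile(fields[0]), None, fields[1]
    raise ValueError("unrecognised .fc entry: %r" % line)

def label_for(entry, path, mode):
    """Context the entry assigns to path, or None if the entry does not apply."""
    regex, wanted_type, context = entry
    # .fc patterns must match the whole path, hence fullmatch.
    if not regex.fullmatch(path):
        return None
    if wanted_type is not None and stat.S_IFMT(mode) != wanted_type:
        return None
    return context

# The two entries from the message above.
SHIPPED = parse_fc_line("/var/run/pptp(/.*)?\t--\tsystem_u:object_r:pptp_var_run_t")
PROPOSED = parse_fc_line("/var/run/pptp(/.*)?\t\tsystem_u:object_r:pptp_var_run_t")

# Constructed sample objects (path, st_mode); names under the directory are made up.
SAMPLES = [
    ("/var/run/pptp", stat.S_IFDIR | 0o755),
    ("/var/run/pptp/example.sock", stat.S_IFSOCK | 0o600),
    ("/var/run/pptp/example.txt", stat.S_IFREG | 0o644),
]

def compare():
    """Map each sample path to (label under shipped entry, label under proposed)."""
    return {p: (label_for(SHIPPED, p, m), label_for(PROPOSED, p, m))
            for p, m in SAMPLES}

if __name__ == "__main__":
    for path, (old, new) in compare().items():
        print("%-28s shipped=%-36s proposed=%s" % (path, old, new))
```

Under the shipped entry only the regular file receives pptp_var_run_t; the directory and the socket fall through to whatever less specific entry matches them.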
