Still having problems with SELinux and Dovecot

Daniel J Walsh dwalsh at
Wed Dec 14 21:51:22 UTC 2005

Mark Evers wrote:
> Well, i still have problems with SELinux and Dovecot, when i do a 
> reboot i get a error
> Starting Dovecot Imap: Fatal: Can't open configuration file 
> /etc/dovecot.conf: Permission denied
> and in the audit.log i find this error
> type=AVC msg=audit(1134595859.843:208): avc:  denied  { read } for  
> pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586 
> scontext=system_u:system_r:dovecot_t 
> tcontext=system_u:object_r:etc_runtime_t tclass=file
> type=SYSCALL msg=audit(1134595859.843:208): arch=40000003 syscall=5 
> success=no exit=-13 a0=8058a3e a1=8000 a2=0 a3=8000 items=1 pid=26990 
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
> fsgid=0 comm="dovecot" exe="/usr/sbin/dovecot"
> type=CWD msg=audit(1134595859.843:208):  cwd="/usr/libexec/webmin/dovecot"
> type=PATH msg=audit(1134595859.843:208): item=0 
> name="/etc/dovecot.conf" flags=101  inode=197586 dev=fd:00 
> mode=0100644 ouid=0 ogid=0 rdev=00:00
> I can only fix this by doing a "fixfiles relabel" and "touch 
> ./autorelabel" and then it works again, till the next reboot..
> Is there a way to fix this? or is there a way to exclude dovecot from 
> SELinux??
restorecon /etc/dovecot.conf

How does that file get created?  Is it being created by an init script?

Basically its context is wrong, Should be dovecot_etc_t  not etc_runtime_t.

> Mark Evers
> ------------------------------------------------------------------------
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at


More information about the fedora-selinux-list mailing list