Still having problems with SELinux and Dovecot

Daniel J Walsh dwalsh at redhat.com
Wed Dec 14 21:51:22 UTC 2005


Mark Evers wrote:
> Well, I still have problems with SELinux and Dovecot, when I do a 
> reboot I get an error
> Starting Dovecot Imap: Fatal: Can't open configuration file 
> /etc/dovecot.conf: Permission denied
>  
> and in the audit.log i find this error
>  
> type=AVC msg=audit(1134595859.843:208): avc:  denied  { read } for  
> pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586 
> scontext=system_u:system_r:dovecot_t 
> tcontext=system_u:object_r:etc_runtime_t tclass=file
> type=SYSCALL msg=audit(1134595859.843:208): arch=40000003 syscall=5 
> success=no exit=-13 a0=8058a3e a1=8000 a2=0 a3=8000 items=1 pid=26990 
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
> fsgid=0 comm="dovecot" exe="/usr/sbin/dovecot"
> type=CWD msg=audit(1134595859.843:208):  cwd="/usr/libexec/webmin/dovecot"
> type=PATH msg=audit(1134595859.843:208): item=0 
> name="/etc/dovecot.conf" flags=101  inode=197586 dev=fd:00 
> mode=0100644 ouid=0 ogid=0 rdev=00:00
>  
> I can only fix this by doing a "fixfiles relabel" and "touch 
> ./autorelabel" and then it works again, till the next reboot..
>  
> Is there a way to fix this? Or is there a way to exclude dovecot from 
> SELinux??
>  
restorecon /etc/dovecot.conf

How does that file get created?  Is it being created by an init script?

Basically its context is wrong. It should be dovecot_etc_t, not etc_runtime_t.

> Mark Evers
>  


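
Added example (not part of the original thread): the diagnosis in the reply, done mechanically over the quoted audit event. It groups the records by event id, joins the AVC denial to its PATH record to recover the full path, and compares the target type with the expected one; the function names and the expected-type table are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the audit event quoted in the post, one record per line.
SAMPLE_LOG = """\
type=AVC msg=audit(1134595859.843:208): avc:  denied  { read } for  pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:etc_runtime_t tclass=file
type=SYSCALL msg=audit(1134595859.843:208): arch=40000003 syscall=5 success=no exit=-13 a0=8058a3e a1=8000 a2=0 a3=8000 items=1 pid=26990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="dovecot" exe="/usr/sbin/dovecot"
type=CWD msg=audit(1134595859.843:208):  cwd="/usr/libexec/webmin/dovecot"
type=PATH msg=audit(1134595859.843:208): item=0 name="/etc/dovecot.conf" flags=101  inode=197586 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
"""
# Assumption: expected type taken from the reply above. On a live system,
# `matchpathcon /etc/dovecot.conf` reports what the loaded policy expects.
EXPECTED_TYPES = {"/etc/dovecot.conf": "dovecot_etc_t"}

RECORD = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group audit records by event id (timestamp:serial)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
            events[event_id].append((rtype, fields, body))
    return events

def mislabeled_files(log_text, expected=EXPECTED_TYPES):
    """Report file-class AVC denials with the actual and expected target type."""
    findings = []
    for event_id, records in parse_events(log_text).items():
        paths = [f["name"] for t, f, _ in records if t == "PATH" and "name" in f]
        for rtype, f, body in records:
            is_denial = rtype == "AVC" and "denied" in body
            if not (is_denial and f.get("tclass") == "file" and "name" in f):
                continue
            # AVC name= holds only the basename; the PATH record has the full path.
            path = next((p for p in paths if p.endswith("/" + f["name"])), f["name"])
            actual = f["tcontext"].split(":")[2]
            want = expected.get(path)
            findings.append({
                "event": event_id, "comm": f.get("comm"), "path": path,
                "perms": re.search(r'\{([^}]*)\}', body).group(1).split(),
                "domain": f["scontext"].split(":")[2],
                "actual_type": actual, "expected_type": want,
                "needs_relabel": want is not None and want != actual,
            })
    return findings
```

A finding with `needs_relabel` set is the case where `restorecon` on the path is the fix; if the label reverts after reboot, whatever rewrites the file is the next thing to look at.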