update from fc3 -> fc4: cyrus/sasl-errors

Roger Grosswiler roger at gwch.net
Sun Jul 31 13:22:32 UTC 2005 

hi,

i recently updated from fc3 to fc4. i use this machine as a mailserver
with cyrus. 1st problem was the database - fixed issue. now, on
authentication, i get errors, will say, with selinux enforcing i cannot
authenticate at all.

from the fc-list i got some help, with a few commands, that should help
better understanding. What can i do, to have this box with selinux
enforcing enabled? ah, yes, in permissive mode it works fine.

here a sniplet of my logs:
> [root at link ~]# ausearch -i -a 9657218
> ----
> type=PATH msg=audit(07/30/05 16:21:20.281:9657218) : item=0 flags=follow inode=262199 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
> type=SOCKETCALL msg=audit(07/30/05 16:21:20.281:9657218) : nargs=3 a0=b a1=bfd308fa a2=6e
> type=SOCKADDR msg=audit(07/30/05 16:21:20.281:9657218) : saddr=local /var/run/saslauthd/mux
> type=SYSCALL msg=audit(07/30/05 16:21:20.281:9657218) : arch=i386 syscall=socketcall(connect) success=no exit=-13(Permission denied) a0=3 a1=bfd2e4b0 a2=dd0228 a3=bfd2e513 items=1 pid=28898 auid=root uid=cyrus gid=mail euid=cyrus suid=cyrus fsuid=cyrus egid=mail sgid=mail fsgid=mail comm=imapd exe=/usr/lib/cyrus-imapd/imapd
> type=AVC msg=audit(07/30/05 16:21:20.281:9657218) : avc:  denied  { search } for  pid=28898 comm=imapd name=saslauthd dev=dm-0 ino=262199 scontext=root:system_r:cyrus_t tcontext=system_u:object_r:saslauthd_var_run_t tclass=dir
> 
>> ausearch -i -a 9659874
>>  
>>
> [root at link ~]# ausearch -i -a 9659874
> ----
> type=PATH msg=audit(07/30/05 16:21:24.635:9659874) : item=0 flags=follow inode=262199 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
> type=SOCKETCALL msg=audit(07/30/05 16:21:24.635:9659874) : nargs=3 a0=b a1=bfd308fa a2=6e
> type=SOCKADDR msg=audit(07/30/05 16:21:24.635:9659874) : saddr=local /var/run/saslauthd/mux
> type=SYSCALL msg=audit(07/30/05 16:21:24.635:9659874) : arch=i386 syscall=socketcall(connect) success=no exit=-13(Permission denied) a0=3 a1=bfd2e4b0 a2=dd0228 a3=bfd2e513 items=1 pid=28898 auid=root uid=cyrus gid=mail euid=cyrus suid=cyrus fsuid=cyrus egid=mail sgid=mail fsgid=mail comm=imapd exe=/usr/lib/cyrus-imapd/imapd
> type=AVC msg=audit(07/30/05 16:21:24.635:9659874) : avc:  denied  { search } for  pid=28898 comm=imapd name=saslauthd dev=dm-0 ino=262199 scontext=root:system_r:cyrus_t tcontext=system_u:object_r:saslauthd_var_run_t tclass=dir


i hope, you can help.

Thanks a lot
Roger

More information about the fedora-selinux-list mailing list