SELinux won't let dovecot connect to postgresql
David P. Quigley
dpquigl at tycho.nsa.gov
Mon Nov 30 13:05:12 UTC 2009
On Sun, 2009-11-29 at 01:11 -0500, Roland Roberts wrote:
> Thomas Harold wrote:
> > On 11/29/2009 12:49 AM, Roland Roberts wrote:
> >> But it doesn't seem to include the init.d file, or is rpm -qil not
> >> telling me what I think it is telling me:
> >>
> >> 572 root> rpm -qil setroubleshoot-server | grep /etc
> >> /etc/audisp/plugins.d/sedispatch.conf
> >> /etc/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf
> >> /etc/logrotate.d/setroubleshoot
> >> /etc/setroubleshoot
> >> /etc/setroubleshoot/setroubleshoot.cfg
> >>
> >
> > Not sure, that's sounding more like a Fedora issue then an SELinux
> > issue (and I'm not running Fedora, I'm running RHEL/CentOS). But a
> > bit of google-fu turned up:
> >
> > http://osdir.com/ml/fedora-selinux/2009-06/msg00053.html
> >
> > (the linked message was posted by Daniel J Walsh)
> >
> > Basically, they've restructured things back in June 2009. So you'll
> > probably have to go digging in the audit.log file for the AVC messages.
> >
> > # grep "AVC" /var/log/audit/audit.log
>
> Thanks. Maybe I'll file a report with bugzilla. Not sure that my
> missing messages are a bug, but there is nothing in
> /var/log/audit/audit.log with "avc". In any event, it's past my bedtime
> here for today
>
> g'nite.
>
> roland
>
Just as a bit of advice for the future. You are better off using the
ausearch command to find denials. You can narrow it down to just AVC
denials by using ausearch -m AVC. After that you can restrict based on
time using some of the other flags for the utility.
Dave
More information about the fedora-selinux-list
mailing list