dovecot - Apr 2017 - SELinux policy to allow Dovecot to connect to Mysql

As I have noted in previous messages, I been getting the following on my 
new mailserver:

Apr  7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect 
failed to database (postfix): Can't connect to local MySQL server 
through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds
before retry

They go away when I setenforce 0.  It is not a timing issue as I earlier 
thought.

So I googled dovecot mysql selinux and the only worthwhile hit was:

http://zszsit.blogspot.com/2012/12/dovecot-mysql-selinux-issue-on-centos6.html

that provides a /etc/selinux/dovecot2mysql.te and other selinux stuff.

Is there a simpler way like a setsbool option?

With all the howtos on dovecot with mysql, it is interesting that none 
of them seem to have this problem.  Maybe because they connect to mysql 
through TCP port 3306 which has ITS set of problems (like MariaDB 
defaults to not listening on TCP).

thanks!

The strange thing is that dovecot auth has no problem connecting to 
mysql, but the quota query is what is failing.

On 04/07/2017 10:43 AM, Robert Moskowitz wrote:
> As I have noted in previous messages, I been getting the following on 
> my new mailserver:
>
> Apr  7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect 
> failed to database (postfix): Can't connect to local MySQL server 
> through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 
> seconds before retry
>
> They go away when I setenforce 0.  It is not a timing issue as I 
> earlier thought.
>
> So I googled dovecot mysql selinux and the only worthwhile hit was:
>
>
http://zszsit.blogspot.com/2012/12/dovecot-mysql-selinux-issue-on-centos6.html
>
>
> that provides a /etc/selinux/dovecot2mysql.te and other selinux stuff.
>
> Is there a simpler way like a setsbool option?
>
> With all the howtos on dovecot with mysql, it is interesting that none 
> of them seem to have this problem.  Maybe because they connect to 
> mysql through TCP port 3306 which has ITS set of problems (like 
> MariaDB defaults to not listening on TCP).
>
> thanks!
>

I reread my sql.conf.ext files and realized they were actually 
connecting to localhost.  So I did some googling, and found how to 
connect to the socket:

connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix 
password=Postfix_Database_Password

And all fixed.  No more failures.  Plus probably securer.

On 04/07/2017 10:57 AM, Robert Moskowitz wrote:
> The strange thing is that dovecot auth has no problem connecting to 
> mysql, but the quota query is what is failing.
>
> On 04/07/2017 10:43 AM, Robert Moskowitz wrote:
>> As I have noted in previous messages, I been getting the following on 
>> my new mailserver:
>>
>> Apr  7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect 
>> failed to database (postfix): Can't connect to local MySQL server 
>> through socket '/var/lib/mysql/mysql.sock' (13) - waiting for
25
>> seconds before retry
>>
>> They go away when I setenforce 0.  It is not a timing issue as I 
>> earlier thought.
>>
>> So I googled dovecot mysql selinux and the only worthwhile hit was:
>>
>>
http://zszsit.blogspot.com/2012/12/dovecot-mysql-selinux-issue-on-centos6.html
>>
>>
>> that provides a /etc/selinux/dovecot2mysql.te and other selinux stuff.
>>
>> Is there a simpler way like a setsbool option?
>>
>> With all the howtos on dovecot with mysql, it is interesting that 
>> none of them seem to have this problem.  Maybe because they connect 
>> to mysql through TCP port 3306 which has ITS set of problems (like 
>> MariaDB defaults to not listening on TCP).
>>
>> thanks!
>>
>