Hi,

I'm trying to grant dovecot the ability to manage its socket within the postfix spool directory.

I have added the below to file_contexts.local :

    /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0

However, running "restorecon -v /var/spool/postfix/private/dovecot-auth" gives me the following error :

    restorecon: lstat(/var/spool/postfix/private/dovecot-auth) failed: No such file or directory

I cannot create the socket file in advance, because dovecot manages it, and if you "touch" the file, dovecot complains.

Where am I going wrong ?

Thanks !

Tim

Hello,

restorecon works only for existing files, for new files you are looking for file transition rule.

Google that out, there is plenty of articles on that topic, for example:

https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition

LZ

2017-01-23 19:57 GMT+01:00 Tim Smith <r.a.n.d.o.m.d.e.v.4+centos at gmail.com>:
> Hi,
>
> I'm trying to grant dovecot the ability to manage its socket within
> the postfix spool directory.
>
> I have added the below to file_contexts.local :
>
> /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0
>
> However, running "restorecon -v
> /var/spool/postfix/private/dovecot-auth" gives me the following error
> :
>
> restorecon: lstat(/var/spool/postfix/private/dovecot-auth) failed:
> No such file or directory
>
> I cannot create the socket file in advance, because dovecot manages
> it, and if you "touch" the file, dovecot complains.
>
> Where am I going wrong ?
>
> Thanks !
>
> Tim

--
S pozdravem / Best regards
Lukas Zapletal

Thanks for the pointer, will take a look down that route.

Could you confirm the below is expected behaviour on Centos ?

    # semanage fcontext -a -t my_postfixauth_private_t "/var/spool/postfix/private(/.*)?"
    ValueError: Type my_postfixauth_private_t is invalid, must be a file or device type

On 23 January 2017 at 19:06, Lukas Zapletal <lukas at zapletalovi.com> wrote:
> Hello,
>
> restorecon works only for existing files, for new files you are looking for
> file transition rule.
>
> Google that out, there is plenty of articles on that topic, for example:
>
> https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition
>
> LZ
>
> 2017-01-23 19:57 GMT+01:00 Tim Smith <r.a.n.d.o.m.d.e.v.4+centos at gmail.com>:
>
>> Hi,
>>
>> I'm trying to grant dovecot the ability to manage its socket within
>> the postfix spool directory.
>>
>> I have added the below to file_contexts.local :
>>
>> /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0
>>
>> However, running "restorecon -v
>> /var/spool/postfix/private/dovecot-auth" gives me the following error
>> :
>>
>> restorecon: lstat(/var/spool/postfix/private/dovecot-auth) failed:
>> No such file or directory
>>
>> I cannot create the socket file in advance, because dovecot manages
>> it, and if you "touch" the file, dovecot complains.
>>
>> Where am I going wrong ?
>>
>> Thanks !
>>
>> Tim
>
> --
> S pozdravem / Best regards
> Lukas Zapletal

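
The two points raised so far in the thread (a file transition rule for a socket that does not exist yet, and semanage rejecting a type that is not a file type) can be covered by one small local policy module. This is an added example, not code from any poster or from the CentOS policy; the module name, the choice of dovecot_t as the creating domain and postfix_private_t as the parent directory label are assumptions to confirm on the target system, and it needs a policy toolchain that supports named file transitions (the Fedora feature linked above).

```selinux
# my_postfixauth.te : added example, not from the thread.
# Build and load:
#   checkmodule -M -m -o my_postfixauth.mod my_postfixauth.te
#   semodule_package -o my_postfixauth.pp -m my_postfixauth.mod
#   semodule -i my_postfixauth.pp
module my_postfixauth 1.0;

require {
	attribute file_type;
	type dovecot_t;          # creating domain, taken from the original post (assumption)
	type postfix_private_t;  # assumed label of /var/spool/postfix/private (check: ls -dZ)
	class dir { search write add_name remove_name };
	class sock_file { create getattr setattr write unlink };
}

# A context on a file uses the object_r role and a type that carries the
# file_type attribute. dovecot_t is a process domain, and a type declared
# without file_type is what semanage reports as
# "must be a file or device type".
type my_postfixauth_private_t;
typeattribute my_postfixauth_private_t file_type;

# Named file transition: when dovecot_t creates a socket called
# "dovecot-auth" inside a postfix_private_t directory, the kernel labels it
# my_postfixauth_private_t at creation time. No restorecon on a
# not-yet-existing path is needed.
type_transition dovecot_t postfix_private_t:sock_file my_postfixauth_private_t "dovecot-auth";

# Least-privilege permissions for creating and removing that one socket.
allow dovecot_t postfix_private_t:dir { search write add_name remove_name };
allow dovecot_t my_postfixauth_private_t:sock_file { create getattr setattr write unlink };

# Matching file_contexts.local entry, so that a later restorecon or a full
# relabel keeps the same label ("-s" restricts the entry to sockets):
#   /var/spool/postfix/private/dovecot-auth  -s  system_u:object_r:my_postfixauth_private_t:s0
```

The module only covers labeling and creation of the socket; the Postfix domains that connect to it still need write access to the new type, which the AVC denials in the audit log will show.
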
This last update caused numerous services to stop working for me. I fixed them with a relabel.

    touch /.autorelabel
    reboot

Try that and see...

Mike

On 01/23/2017 01:57 PM, Tim Smith wrote:
> Hi,
>
> I'm trying to grant dovecot the ability to manage its socket within
> the postfix spool directory.
>
> I have added the below to file_contexts.local :
>
> /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0
>
> However, running "restorecon -v
> /var/spool/postfix/private/dovecot-auth" gives me the following error
> :
>
> restorecon: lstat(/var/spool/postfix/private/dovecot-auth) failed:
> No such file or directory
>
> I cannot create the socket file in advance, because dovecot manages
> it, and if you "touch" the file, dovecot complains.
>
> Where am I going wrong ?
>
> Thanks !
>
> Tim