Hello to everyone on the list, I have upgraded my RHEL4 to RHEL5.1 yesterday (all updates have been applied to it as well). I used to have dovecot v0.99.11 on the old system. Everything was working fine. Now I have 5.1 and its respective dovecot v1.0.rc15. Upon upgrading to RHEL5.1, dovecot no longer works correctly. The first thing I did after rewriting the config file for the updated version, was to check my own email. It works fine. However, no other user on the system can check his/hers. Here is what the log shows for everyone except myself: ===========================Jan 27 13:56:41 warp dovecot: POP3(jj): open() failed with file /home/jj/mail/.imap/INBOX/dovecot.index.log: Permission denied Jan 27 13:56:41 warp dovecot: POP3(jj): open() failed with file /home/jj/mail/.imap/INBOX/dovecot.index.log: Permission denied Jan 27 13:56:41 warp dovecot: POP3(jj): Couldn't open INBOX: Internal error occurred. Refer to server log for more information. [2008-01-27 13:56:41] =========================== There are NO complaints reported by selinux in the logs. If I setenforce 0 (disable selinux), everything is working fine for everyone. If I disable selinux monitoring on dovecot (setsebool dovecot_disable_trans 1), nothing changes, which makes me think that something else is causing the problem. I do very much want to use selinux, however, I cannot figure out what the problem is and I have been trying for many hours. Can anyone help? Thanks, Ion
On Jan 28, 2008 6:17 PM, Ion Soltan <webmaster at forlangs.net> wrote:> Hello to everyone on the list, > > I have upgraded my RHEL4 to RHEL5.1 yesterday (all updates have been applied to it as well). I used to have dovecot v0.99.11 on the old system. Everything was working fine. Now I have 5.1 and its respective dovecot v1.0.rc15. > > Upon upgrading to RHEL5.1, dovecot no longer works correctly. The first thing I did after rewriting the config file for the updated version, was to check my own email. It works fine. However, no other user on the system can check his/hers. > > Here is what the log shows for everyone except myself: > > ===========================> Jan 27 13:56:41 warp dovecot: POP3(jj): open() failed with file /home/jj/mail/.imap/INBOX/dovecot.index.log: Permission denied > Jan 27 13:56:41 warp dovecot: POP3(jj): open() failed with file /home/jj/mail/.imap/INBOX/dovecot.index.log: Permission denied > Jan 27 13:56:41 warp dovecot: POP3(jj): Couldn't open INBOX: Internal error occurred. Refer to server log for more information. [2008-01-27 13:56:41] > ===========================> > There are NO complaints reported by selinux in the logs. If I setenforce 0 (disable selinux), everything is working fine for everyone. > > If I disable selinux monitoring on dovecot (setsebool dovecot_disable_trans 1), nothing changes, which makes me think that something else is causing the problem. I do very much want to use selinux, however, I cannot figure out what the problem is and I have been trying for many hours. Can anyone help? > > Thanks, > IonMaybe the new policy (from rpm) was not immediately applied. Do you run targeted policy ? -- Marius
Thanks to Marius, I've got this problem fixed! I don't know how or why, but selinux directory contexts have been altered during the update for everyone else on the system except myself (what makes it odd is that my user has the same group and permissions as everyone else). So what did the trick was to apply: chcon -t user_home_dir_t to each user's home, mail, .imap and INBOX directories. Thanks again for pointing me in the right direction, Marius! Ion ----- Original Message ----- From: "Marius ROMAN" <marius.roman at gmail.com> To: "Ion Soltan" <webmaster at forlangs.net> Sent: Monday, January 28, 2008 2:05 PM Subject: Re: [Dovecot] Dovecot/SeLinux issues after RHEL5.1 upgrade> On Jan 28, 2008 9:33 PM, Ion Soltan <webmaster at forlangs.net> wrote: >> Marius, >> >> I do run the targeted policy. Are you suggesting a reinstall of the RPM? >> >> Thank you, >> Ion >> > > Nope. > Read http://www.dovecot.org/list/dovecot/2007-January/018989.html > maybe you have the same or related problem. > If this helps post your solution to the list. > > -- > Marius