On 30.07.2019 20:07, Tom Diehl via dovecot wrote:
>
> Does anyone have an Idea how to fix this?
>
> Regards,
>

Perhaps see if there are any denials in SELinux audit log:

sudo grep denied /var/log/audit/audit.log | grep dovecot | audit2allow -a

Good luck,
Reio

On 30.07.2019 at 19:33, Reio Remma via dovecot wrote:
> On 30.07.2019 20:07, Tom Diehl via dovecot wrote:
>>
>> Does anyone have an Idea how to fix this?
>>
>> Regards,
>>
>
> Perhaps see if there are any denials in SELinux audit log:
>
> sudo grep denied /var/log/audit/audit.log | grep dovecot | audit2allow -a
>
> Good luck,
> Reio

The proper search for dovecot AVCs would be:

aausearch -m avc -c dovecot | audit2why

audit2allow is not that helpful in the first approach.

Alexander

On 30.07.2019 at 20:12, Alexander Dalloz via dovecot wrote:
> aausearch -m avc -c dovecot | audit2why

Sorry, "ausearch" is the proper command.

On Tue, 30 Jul 2019, Reio Remma via dovecot wrote:
> On 30.07.2019 20:07, Tom Diehl via dovecot wrote:
>>
>> Does anyone have an Idea how to fix this?
>
> Perhaps see if there are any denials in SELinux audit log:

Selinux is in permissive.

If I do:
(vmail1 pts9) # ll /proc/self/io
-r-------- 1 root root 0 Jul 30 15:27 /proc/self/io
(vmail1 pts9) #

It is obvious to me why I get permission denied. The problem is you
cannot chmod on /proc. I suspect I have something mis-configured but
the question is what?

Regards,

--
Tom me at tdiehl.org

> On 30 Jul 2019, at 22.53, Tom Diehl via dovecot <dovecot at dovecot.org> wrote:
>
> On Tue, 30 Jul 2019, Reio Remma via dovecot wrote:
>
>> On 30.07.2019 20:07, Tom Diehl via dovecot wrote:
>>>
>>> Does anyone have an Idea how to fix this?
>>
>> Perhaps see if there are any denials in SELinux audit log:
>
> Selinux is in permissive.
>
> If I do:
> (vmail1 pts9) # ll /proc/self/io
> -r-------- 1 root root 0 Jul 30 15:27 /proc/self/io
> (vmail1 pts9) #
>
> It is obvious to me why I get permission denied. The problem is you
> cannot chmod on /proc. I suspect I have something mis-configured but
> the question is what?

service lmtp {
  executable = lmtp -L
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}

Please remove user = vmail from here or change it to root. For security reasons lmtp service must be started as root since version 2.2.36. lmtp will drop root privileges after initialisation but it needs to open /self/proc/io as root before that.

Sami
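
An added example, not part of the thread and not Dovecot code: a check for the setting discussed above that reads configuration text and reports the user set at the top level of `service lmtp`, ignoring the `user = postfix` nested in the listener block. The function names and the embedded sample (a copy of the configuration in the thread) are constructed for this example; treating an unset user as "starts as root" is an assumption taken from the advice above.

```shell
# Added example (not from the thread, not Dovecot code).
# Reads Dovecot configuration text on stdin and prints the user set directly
# inside `service lmtp { }`. Brace depth is tracked so that `user =` inside
# nested inet_listener/unix_listener blocks is ignored.
lmtp_service_user() {
    awk '
        !inside && $1 == "service" && $2 == "lmtp" && $3 == "{" {
            inside = 1; depth = 1; next
        }
        inside {
            if ($NF == "{") { depth++; next }   # nested listener block opens
            if ($1 == "}")  { depth--; if (depth == 0) inside = 0; next }
            if (depth == 1 && $1 == "user" && $2 == "=") print $3
        }
    '
}

# Exit status 0 when the service has no user set or user = root, 1 otherwise
# (assumption: an unset user means the service starts as root).
lmtp_starts_as_root() {
    u=$(lmtp_service_user)
    [ -z "$u" ] || [ "$u" = "root" ]
}

# Constructed sample input: the configuration shown in the thread.
sample_config() {
    cat <<'EOF'
service lmtp {
  executable = lmtp -L
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
EOF
}

if sample_config | lmtp_starts_as_root; then
    echo "lmtp: starts as root"
else
    echo "lmtp: service user is $(sample_config | lmtp_service_user); remove it or set root"
fi
```

On a live system the same functions can be fed the output of `doveconf -n` instead of the sample.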