search for: dovecot_selinux

Hi, installation by prebuilt binaries creates security contexts on each file (as shown here https://linux.die.net/man/8/dovecot_selinux) so that dovecot integrates perfectly in SELinux. I've compiled instead from sources (as described here https://wiki2.dovecot.org/CompilingSource) and i'd like to know how create same security contexts of prebuilt binaries to have an identical behaviour in SELinux. Thank you -------------...

...as mail store isn't included in the default </div> <div> SELinux policy. Did you make sure that the correct SELinux type is set </div> <div> on the directories? </div> <div> <a href="https://www.unix.com/man-page/centos/8/dovecot_selinux/" rel="noopener" target="_blank">https://www.unix.com/man-page/centos/8/dovecot_selinux/</a> </div> <div> <br> </div> <div> <br> </div> <div> If this isn't enough to get you going you...

....3.7, noreplicate works but causes errors. You > can try > https://github.com/dovecot/core/compare/6d5b4b5%5E..93945ec.patch if you > are compiling yourself. > > Dovecot under selinux works, as long as you do it the way the policy > writer intended, see https://linux.die.net/man/8/dovecot_selinux > > Aki For replication over SSH I had to add the following module: module selinux-dovecot-replication-ssh 1.0; require { type ssh_exec_t; type ssh_home_t; type dovecot_t; class file { open read execute execute_no_trans }; class dir { getattr se...

Hello! I finally took the time and spent two days to set up replication for my server and now I have a question or two. I initially set noreplicate userdb field to 1 for all but a test user, but I could still see in the logs that all mailboxes were trying to connect to the other server via SSH. Is that normal? Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: Remote

Hi, After configuring systemd unit with ReadWritePaths=/home/mail, I get the following error logs in audit: type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL

...Hi! We are fixing this is 2.3.7, noreplicate works but causes errors. You can try https://github.com/dovecot/core/compare/6d5b4b5%5E..93945ec.patch if you are compiling yourself. Dovecot under selinux works, as long as you do it the way the policy writer intended, see https://linux.die.net/man/8/dovecot_selinux Aki

...AM authentication using system users, > it works well. > > Any suggestions on this? Looks like /home/mail as mail store isn't included in the default SELinux policy. Did you make sure that the correct SELinux type is set on the directories? https://www.unix.com/man-page/centos/8/dovecot_selinux/ If this isn't enough to get you going you might need to create your own policy. The following steps should be all that it takes to create your own policy. Check that grep includes only lines that you want included in your new policy: grep dovecot /var/log/audit/audit.log | audit2allow...

...t; > > > > > > Any suggestions on this? > > Looks like /home/mail as mail store isn't included in the default > > SELinux policy. Did you make sure that the correct SELinux type is set > > on the directories? > > https://www.unix.com/man-page/centos/8/dovecot_selinux/ > > > > > > > > > > If this isn't enough to get you going you might need to create your own > > policy. The following steps should be all that it takes to create your > > own policy. > > > > > > Check that grep includes only lin...

...e doveadm dsync-server -D -uuser at host.ee >>> >>> PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun >>> as usual. :) >> Dovecot under selinux works, as long as you do it the way the policy >> writer intended, seehttps://linux.die.net/man/8/dovecot_selinux >> >> Aki > > For replication over SSH I had to add the following module: > > module selinux-dovecot-replication-ssh 1.0; > > require { > type ssh_exec_t; > type ssh_home_t; > type dovecot_t; > class file { open read exec...

...er -D -uuser at host.ee >>>> >>>> PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun >>>> as usual. :) >>> Dovecot under selinux works, as long as you do it the way the policy >>> writer intended, seehttps://linux.die.net/man/8/dovecot_selinux >>> >>> Aki >> >> For replication over SSH I had to add the following module: >> >> module selinux-dovecot-replication-ssh 1.0; >> >> require { >> type ssh_exec_t; >> type ssh_home_t; >> type dovecot_...