search for: ssh_exec_t

Displaying 5 results from an estimated 5 matches for "ssh_exec_t".

2019 Jun 24
2
Dovecot replication and userdb "noreplicate".
...self. > > Dovecot under selinux works, as long as you do it the way the policy > writer intended, see https://linux.die.net/man/8/dovecot_selinux > > Aki For replication over SSH I had to add the following module: module selinux-dovecot-replication-ssh 1.0; require { type ssh_exec_t; type ssh_home_t; type dovecot_t; class file { open read execute execute_no_trans }; class dir { getattr search }; } #============= dovecot_t ============== allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans }; allow dovecot_t ssh_home_t:dir {...
2019 Aug 06
2
Dovecot replication and userdb "noreplicate".
...y >>> writer intended, see https://linux.die.net/man/8/dovecot_selinux >>> >>> Aki >> >> For replication over SSH I had to add the following module: >> >> module selinux-dovecot-replication-ssh 1.0; >> >> require { >> type ssh_exec_t; >> type ssh_home_t; >> type dovecot_t; >> class file { open read execute execute_no_trans }; >> class dir { getattr search }; >> } >> >> #============= dovecot_t ============== >> allow dovecot_t ssh_exec_t:file {...
2019 Aug 06
0
Dovecot replication and userdb "noreplicate".
..., as long as you do it the way the policy >> writer intended, see https://linux.die.net/man/8/dovecot_selinux >> >> Aki > > For replication over SSH I had to add the following module: > > module selinux-dovecot-replication-ssh 1.0; > > require { > type ssh_exec_t; > type ssh_home_t; > type dovecot_t; > class file { open read execute execute_no_trans }; > class dir { getattr search }; > } > > #============= dovecot_t ============== > allow dovecot_t ssh_exec_t:file { open read execute execute_no_tra...
2019 Jun 22
2
Dovecot replication and userdb "noreplicate".
Hello! I finally took the time and spent two days to set up replication for my server and now I have a question or two. I initially set noreplicate userdb field to 1 for all but a test user, but I could still see in the logs that all mailboxes were trying to connect to the other server via SSH. Is that normal? Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: Remote
2019 Aug 07
0
Dovecot replication and userdb "noreplicate".
> On 6 Aug 2019, at 23.52, Reio Remma via dovecot <dovecot at dovecot.org> wrote: > > service doveadm { > user = vmail > } > > This seems to have fixed it. Here's hoping for no unforeseen side-effects. :) > > I still need allow dovecot_t ssh_exec_t:file { execute execute_no_trans open read }; for selinux, but there are no more errors in maillog and it can read both the key and known_hosts (from either /home/vmail/.ssh/known_hosts or /etc/ssh/ssh_known_hosts). There might be. What we usually do is just allow dsync user to sudo doveadm dsync-serv...