similar to: Default SELinux policy on Fedora FC4 prevents dovecot service from starting

I am having a very strange issue with Dovecot + Sqlite + SELinux in enforcing. I am able to log in via IMAPS if SELinux is in permissive, but not able to do so when in enforcing. I do not see any SELinux denials even with dontaudit's enabled. I am running Centos 5 on x86_64 with a customized kernel build and SElinux Strict policy. The log dumps below are in the following order:? 1. My syslog

I've just encountered a problem starting tor. When I do 'systemctl start tor' it fails and I get selinux errors in the log. There was suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. Which I did and it gave the following type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2

On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: > I've just encountered a problem starting tor. When I do 'systemctl > start tor' it fails and I get selinux errors in the log. There was > suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. > Which I did and it gave the following > > type=PROCTITLE msg=audit(1539540150.692:60570): >

Workstation  is member of NT domain, DC is samba 3.6.12. Was running Fedora 22 (samba 4.2.12), domain logins were working fine. Upgraded to Fedora 23 (samba 4.3.11) and domain logins no longer work: "Domain Controller unreachable, using cached credentials instead." Can connect to shares on the DC (e.g., with smbclient) without problem. Upgraded to samba 4.4.5 (from Fedora 24), issue

On 10/23/18 2:49 PM, Robin Lee wrote: > On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: >> I've just encountered a problem starting tor. When I do 'systemctl >> start tor' it fails and I get selinux errors in the log. There was >> suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. >> Which I did and it gave the following >>

Hi, folks, Our system gets/creates /var/lib/ssh-x509-auth/<username>,pem, then deletes it when the log out. selinux (in permissive mode) complains. First, I changed the context to cert_t, and *now* it complains that ksh93 wants write, etc access on the directory. grep ssh-x509-auth /var/log/audit/audit.log | audit2allow offers me this: #============= sshd_t ============== allow sshd_t

On 06.08.2019 23:17, Reio Remma via dovecot wrote: > On 24.06.2019 16:25, Reio Remma wrote: >> On 24.06.2019 8:21, Aki Tuomi wrote: >>> On 22.6.2019 22.00, Reio Remma via dovecot wrote: >>>> Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: >>>> Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l >>>>

Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit : > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with > setenforce 0 from another problem (that is fixed). > > So anyone know how to get

Thanks Laurent. You obviously know a LOT more about SELinux than I. I pretty much just use commands and not build policies. So I need some more information here. From what you provided below, how do I determine what is currently in place and how do I add your stuff (changing postgresql with mysql, nat.) thanks On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017

Is it possible to audit the Linux User Shell? I am trying to gather what commands a user is running no our systems. Can auditd handle this? TIA -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070903/3d4d491d/attachment.html>

On 24.06.2019 16:25, Reio Remma wrote: > On 24.06.2019 8:21, Aki Tuomi wrote: >> On 22.6.2019 22.00, Reio Remma via dovecot wrote: >>> Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: >>> Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l >>> vmail backup.host.ee doveadm dsync-server -D -uuser at host.ee >>>

Following a hard drive corruption I have reinstalled the latest version of CentOS and all current patch files. For most applications I selected the default options. By doing this I expected that the packages would play nice with one another and I could customize as necessary. Setting SELinux to enforce I encountered all sorts of problems - but most were resolvable, save for Dovecot,

On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit : >> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: >>> Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : >>>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I >>>> pretty much just use commands and not

Am 11.04.2020 um 13:00 schrieb Andrei Petru Mura: > Hi, > > After configuring systemd unit with ReadWritePaths=/home/mail, I get the > following error logs in audit: > type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for > pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 > scontext=system_u:system_r:dovecot_t:s0

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

On 24.06.2019 8:21, Aki Tuomi wrote: > On 22.6.2019 22.00, Reio Remma via dovecot wrote: >> Hello! >> >> I finally took the time and spent two days to set up replication for >> my server and now I have a question or two. >> >> I initially set noreplicate userdb field to 1 for all but a test user, >> but I could still see in the logs that all mailboxes

> On 11/04/2020 15:57 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > On 11/04/2020 15:47 Alex JOST < jost+lists at dimejo.at> wrote: > > > > > > > > > > Am 11.04.2020 um 13:00 schrieb Andrei Petru Mura: > > > Hi, > > > > > > > > > After configuring systemd unit with

Hello, I update my dovecot to the last Version, now I have this error in the audit Log. Can any tell me what I can do, without selinux disabled // SELinux hindert /usr/sbin/dovecot daran, mit getattr-Zugriff auf Datei /proc/ sys/fs/suid_dumpable zuzugreifen. ***** Plugin catchall (100. Wahrscheinlichkeit) schl?gt vor ************** If you believe that dovecot should be allowed getattr

https://bugs.freedesktop.org/show_bug.cgi?id=103689 Bug ID: 103689 Summary: there is an exploitable page fault that can be reliably triggered from the chromium sandbox can possibly lead to remote attackers causing a denial of service condition or possibly running system code. Product: xorg

Hi, After configuring systemd unit with ReadWritePaths=/home/mail, I get the following error logs in audit: type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL