Displaying 20 results from an estimated 3000 matches similar to: "SELinux policy to allow Dovecot to connect to Mysql"
2017 Apr 07
3
SELinux policy to allow Dovecot to connect to Mysql
I have been getting the following on my new mailserver:
Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect
failed to database (postfix): Can't connect to local MySQL server
through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds
before retry
They go away when I setenforce 0.
So I googled dovecot mysql selinux and the only worthwhile hit was:
2017 Apr 07
1
Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
I reread my sql.conf.ext files and realized they were actually
connecting to localhost. So I did some googling, and found how to
connect to the socket:
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix
password=Postfix_Database_Password
And all fixed. No more failures. Plus probably securer.
On 04/07/2017 10:57 AM, Robert Moskowitz wrote:
> The strange thing is that
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
I thought I had this fixed, but I do not. I was away from this problem
working on other matters, and came back (after a reboot) and it is still
there, so I suspect when I thought I had it 'fixed' I was running with
setenforce 0 from another problem (that is fixed).
So anyone know how to get dovecot dict connecting to mysql when
enforcing? Googling is not finding any real help.
On
2017 Apr 07
0
SELinux policy to allow Dovecot to connect to Mysql
The strange thing is that dovecot auth has no problem connecting to
mysql, but the quota query is what is failing.
On 04/07/2017 10:43 AM, Robert Moskowitz wrote:
> As I have noted in previous messages, I been getting the following on
> my new mailserver:
>
> Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect
> failed to database (postfix): Can't connect
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
> But the policy generates errors. I will have to submit a bug report,
> it seems
A bug report would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit :
>
> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
> > Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
> >> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
> >> pretty much just use commands and not build policies. So I need some
> >> more
2017 Apr 26
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Robert,
in regards to your Postfix and Dovecot issue with MySQL and SELinux,
> Apr 26 01:25:45 z9m9z dovecot: dict: Error:
> mysql(/var/lib/mysql/mysql.sock): Connect failed to database
> (postfix): Can't connect to local MySQL server through socket
> '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
> Apr 26 01:25:45 z9m9z dovecot: dict: Error:
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick?n?(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the
> existing policy
> 4: copy and paste the
2017 Apr 26
6
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 04:22 AM, Gordon Messmer wrote:
> On 04/25/2017 03:25 PM, Robert Moskowitz wrote:
>> This made the same content as before that caused problems:
>
> I still don't understand, exactly. Are you seeing *new* problems
> after installing a policy? What are the problems?
>
>> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.
2017 Apr 25
5
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
> pretty much just use commands and not build policies. So I need some
> more information here.
>
> From what you provided below, how do I determine what is currently in
> place and how do I add your stuff (changing postgresql with
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote:
> Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit :
>> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
>>> Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
>>>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
>>>> pretty much just use commands and not
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Gordon,
Thank you for your help on this. Still not working...
On 04/26/2017 06:27 PM, Gordon Messmer wrote:
> On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
>> But the policy generates errors. I will have to submit a bug report,
>> it seems
>
>
> A bug report would probably be helpful.
>
> I'm looking back at the message you wrote describing errors in
>
2013 Nov 05
3
echo 0> /selinux/enforce
When does echo 0 > /selinux/inforce need to be used? I.e., where is
selinux enforcing itself on the system to protect it? When I do yum
install of some package, it seems to work (not being blocked). When would
doing something not work because selinux is watching it (or whatever that
process is doing)?
Thanks,
-wes
2017 Feb 21
3
SELInux conflict with Postfixadmin
postfixadmin setup.php is claiming:
*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*
This goes away with 'setenforce 0', so it is an SELinux issue. I have
tried both:
restorecon -Rv /usr/share/postfixadmin
and
chcon -R -t
2014 Dec 30
3
can't enable selinux CentOS 6.5
Hey guys,
For some reason I can't seem to enable SELinux on this one host.
Here's my SELinux config file:
[root at beta-new:~] #cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
#
2010 Jan 08
6
New selinux-policy breaks logwatch emails?
Hello,
After a yum update last night, I had a CenOS 5.4 i386 system pull in the
following selinux updates:
Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch
Jan 07 21:39:31 Updated:
selinux-policy-targeted-2.4.6-255.el5_4.3.noarch
This machine has SELinux set to Enforcing.
This morning, I see I got the following email from Cron:
/etc/cron.daily/0logwatch:
sendmail: warning:
2017 May 09
4
CentOS 7 selinux
If I make a change to /etc/sysconfig/selinux do I have to restart anything
for the change to take effect?
2017 Feb 21
2
SELInux conflict with Postfixadmin
On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
> On 2017-02-21 17:30, Robert Moskowitz wrote:
>> postfixadmin setup.php is claiming:
>>
>> *Error: Smarty template compile directory templates_c is not writable.*
>> *Please make it writable.*
>> *If you are using SELinux or AppArmor, you might need to adjust their
>> setup to allow write access.*
>>
2014 Dec 30
3
can't enable selinux CentOS 6.5
On Tue, December 30, 2014 03:18, Digimer wrote:
> What possible reason could they have for that?
>
> On 30/12/14 02:17 AM, Laurent Dumont wrote:
>> By any change, is it a VPS? I know that my CloudAtCost (very cheap but
>> extremely unreliable provider) prevents you from using SeLinux on their
>> Centos image.
No mysterious breakages == lower support costs. The same
2017 Mar 15
1
Using environment variables in mariadb
On 03/14/2017 06:29 PM, Richard wrote:
>
>> Date: Tuesday, March 14, 2017 14:53:01 -0700
>> From: Robert Moskowitz <rgm at htt-consult.com>
>>
>> I want to script a rather simple create database operation. Thing
>> is, I have to provide the password for that database. I would like
>> to do this with an environment variable, but the simple approach