similar to: Dovecot POP3 fails to chdir under FC6

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

Just installed 7.2, and I'm seeing this - is this a bug in the policy? ************************** SELinux is preventing systemd-readahe from add_name access on the directory .readahead.new. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow systemd-readahe to have add_name access on the .readahead.new directory Then you need to change the

I am having a very strange issue with Dovecot + Sqlite + SELinux in enforcing. I am able to log in via IMAPS if SELinux is in permissive, but not able to do so when in enforcing. I do not see any SELinux denials even with dontaudit's enabled. I am running Centos 5 on x86_64 with a customized kernel build and SElinux Strict policy. The log dumps below are in the following order:? 1. My syslog

Am 11.04.2020 um 13:00 schrieb Andrei Petru Mura: > Hi, > > After configuring systemd unit with ReadWritePaths=/home/mail, I get the > following error logs in audit: > type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for > pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 > scontext=system_u:system_r:dovecot_t:s0

> On 11/04/2020 15:57 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > On 11/04/2020 15:47 Alex JOST < jost+lists at dimejo.at> wrote: > > > > > > > > > > Am 11.04.2020 um 13:00 schrieb Andrei Petru Mura: > > > Hi, > > > > > > > > > After configuring systemd unit with

Hello, I update my dovecot to the last Version, now I have this error in the audit Log. Can any tell me what I can do, without selinux disabled // SELinux hindert /usr/sbin/dovecot daran, mit getattr-Zugriff auf Datei /proc/ sys/fs/suid_dumpable zuzugreifen. ***** Plugin catchall (100. Wahrscheinlichkeit) schl?gt vor ************** If you believe that dovecot should be allowed getattr

Following a hard drive corruption I have reinstalled the latest version of CentOS and all current patch files. For most applications I selected the default options. By doing this I expected that the packages would play nice with one another and I could customize as necessary. Setting SELinux to enforce I encountered all sorts of problems - but most were resolvable, save for Dovecot,

Ok, I was able to fix both of my problems and they are both related to SELinux problems First: I am assuming that you are like me and that you have an excellent background in systems administration (I teach it at a university for a living.) So you've configured chmod permissions and chown user and group ownerships on directories and files to correctly allow the desired access. You have

Hi, After configuring systemd unit with ReadWritePaths=/home/mail, I get the following error logs in audit: type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 11/04/2020 15:47 Alex JOST < <a href="mailto:jost+lists@dimejo.at">jost+lists@dimejo.at</a>> wrote: </div> <div>

I'm having a strange problem with selinux and the mounting of a nfs directory. I'm specifying the security context as part of the mount command, yet the security context still shows nfs. The mount shows what the security context should be: [root at clienthost ~]# mount serverhost:/usr/local on /usr/local type nfs4

Gordon, Thank you for your help on this. Still not working... On 04/26/2017 06:27 PM, Gordon Messmer wrote: > On 04/26/2017 12:29 AM, Robert Moskowitz wrote: >> But the policy generates errors. I will have to submit a bug report, >> it seems > > > A bug report would probably be helpful. > > I'm looking back at the message you wrote describing errors in >

I've just installed CentOS 5.5 and dovecot 2.0.7. Out of the box, it worked ok with local user accounts. Then I enable selinux and I could no loger login to imap server. I can deal with that via a local policy. But I found dovecot tried to open /etc/shadow: type=AVC msg=audit(1291490764.101:670): avc: denied { read } for pid=16130 comm="auth" name="shadow" dev=md2

Hi, I tried to apply a security context on a directory with the following commands: [root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?" [root@ local]# restorecon -R netdot/ When I list the contexts, it is part of the list.... [root@ local]# semanage fcontext -l | grep netdot ./netdot(/.*)? all files

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

Hello, I am successfully connecting my Windows box to a RHEL 5 over SMB. This works for both mounting a regular share as well as (my own implementation of) a FUSE mountpoint. On RHEL 6 I can only mount a regular share, but not a FUSE mountpoint. I am getting a Permission Denied error. On both machines I have disabled firewall and I set SELinux to permissive. Does anybody know why this

Hello, I recently setup a Fedora FC4 server to host e-mail and webapps. During the install, I turned on SELinux in active mode. All apps seems to work OK but Dovecot daemon won't start. In the audit log, I see this entry when I try to start the dovecot daemon. type=AVC msg=audit(1141464818.541:40305): avc: denied { read } for pid=1989 comm="dovecot" name=dovecot.pem dev=md2

Hello List, after the last update I have a selinux "Problem" with dovecot. My system is a centos 7. After a new start from dovecot selinux block a connection. Jul 12 16:24:24 mx01 systemd: Starting Dovecot IMAP/POP3 email server... Jul 12 16:24:54 mx01 systemd: Started Dovecot IMAP/POP3 email server. Jul 12 16:24:54 mx01 dovecot: Warning: Corrected permissions for login directory

On 06/02/2015 11:30 AM, m.roth at 5-cent.us wrote: > Tried just the selinux list yesterday, no answers, so I'm trying again. > > I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS > 6 system, which has selinux in permissive mode. I then moved the drive to > a CentOS 5 system. When we run a copy (it mirror-copies from another > system), we get a ton of

I wrote: > I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS > 6 system, which has selinux in permissive mode. I then moved the drive to a > CentOS 5 system. When we run a copy (it mirror-copies from another system), > we get a ton of errors. I discovered that the CentOS 5 system was enforcing. > I changed it to permissive, I labelled the directories and