[Dovecot] SELinux and "i_stream_read() failed: Permission denied"
James Butler
jbutler at thebestdefense.com
Fri Apr 17 03:01:46 EEST 2009
> On Wed, 2009-04-15 at 18:55 -0700, James Butler wrote:
>> > On Wed, 2009-04-15 at 16:47 -0700, James Butler wrote:
>> >> "i_stream_read() failed: Permission denied" is an error message generated
>> >> when a large-ish file (>128kb in my case) is attached to a message that
>> >> has been passed to Dovecot's deliver program when SELinux is being
>> >> enforced.
>> > ..
>> >> The problem is that deliver is not running with the correct SELinux policy
>> >> to be able to write to the global /tmp directory
>> >
>> > BTW. Dovecot v1.2+ no longer writes to /tmp directory. Writing to /tmp
>> > was pretty evil.
>>
>> I hear ya. I'm running v.1.2.rc2 ... is there a newer version?
>
> Are you sure the deliver is also from v1.2.rc2? You mentioned:
>
>> deliver(user): unlink(/tmp/dovecot.deliver.. \
>> 1239836047.9469.46242b1037005551) failed: Permission denied
>
> But there's no dovecot.deliver anymore in v1.2:
>
> ~/cvs/dovecot-1.2/src/deliver% grep dovecot.deliver deliver
> ~/cvs/dovecot-1.2/src/deliver%
>
> It is in v1.1 though.
>
I have no answer for you, except:
# dovecot -n
- 1.2.rc2: /usr/local/etc/dovecot.conf
# ls -la /tmp
total 104
-rw------- 1 user dovecot 0 2009-04-15 15:47 dovecot.deliver..1239835658.9325.c6f5c942d0424f70
-rw------- 1 user dovecot 0 2009-04-15 15:47 dovecot.deliver..1239835664.9329.c2eb40454a80d780
-rw------- 1 user dovecot 0 2009-04-15 15:47 dovecot.deliver..1239835665.9331.b61a334c362dc35f
-rw------- 1 user dovecot 0 2009-04-15 15:51 dovecot.deliver..1239835870.9420.71fa4ab59306c936
-rw------- 1 user dovecot 0 2009-04-15 15:54 dovecot.deliver..1239836046.9470.76b013baec297b2c
-rw------- 1 user dovecot 0 2009-04-15 15:54 dovecot.deliver..1239836047.9469.46242b1037005551
-rw------- 1 user dovecot 0 2009-04-15 15:54 dovecot.deliver..1239836056.9482.384c6f25d95f5d2a
...etc...
James