I am running selinux in permissive mode on my new mail server, in part
because of dovecot. I would really like to use selinux, but I suspect
it may be a challenge. My setup is on CentOS 6.3 with dovecot using
mysql for virtual domains and users. I am looking for a set of
definitive selinux instructions, not a pointer to a selinux tutorial.
Here are examples of what I am seeing:
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33468): avc: denied { search } for pid=2994 comm="dict" name="mysql" dev=dm-0 ino=1705864 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33469): avc: denied { write } for pid=2994 comm="dict" name="mysql.sock" dev=dm-0 ino=1706116 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33470): avc: denied { connectto } for pid=2994 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.771:33471): avc: denied { getattr } for pid=2994 comm="dict" path="/usr/share/mysql/charsets/Index.xml" dev=dm-0 ino=395155 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.771:33472): avc: denied { read } for pid=2994 comm="dict" name="Index.xml" dev=dm-0 ino=395155 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
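Before deciding what policy change (a boolean, a file-context fix, or a local module) each of those denials calls for, it helps to reduce the raw AVC lines to "which source domain wants which permissions on which target type and object class". The following script is an added example written for this post, not code from the poster or from the SELinux tooling; it parses the five denials quoted above (embedded verbatim as sample input) and groups them the way audit2allow would summarise them, so the dovecot_t -> mysqld_t socket connect, the dovecot_t -> mysqld_var_run_t sock_file write, and the dovecot_t -> usr_t file reads stand out as three distinct access paths rather than five unrelated messages. The regexes and helper names are this example's own assumptions about the kernel log format shown, not a documented API.

```python
import re
from collections import defaultdict

# The AVC denial lines quoted in the post above, used as sample input.
SAMPLE_LOG = """Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33468): avc: denied { search } for pid=2994 comm="dict" name="mysql" dev=dm-0 ino=1705864 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33469): avc: denied { write } for pid=2994 comm="dict" name="mysql.sock" dev=dm-0 ino=1706116 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33470): avc: denied { connectto } for pid=2994 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.771:33471): avc: denied { getattr } for pid=2994 comm="dict" path="/usr/share/mysql/charsets/Index.xml" dev=dm-0 ino=395155 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.771:33472): avc: denied { read } for pid=2994 comm="dict" name="Index.xml" dev=dm-0 ino=395155 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
"""

# "avc: denied { perm perm } for key=value key="quoted value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'scontext': fields.get('scontext'),
        'tcontext': fields.get('tcontext'),
        'tclass': fields.get('tclass'),
        # Socket/file denials carry either an absolute path or a bare name.
        'target': fields.get('path') or fields.get('name'),
    }


def type_of(context):
    """Pull the type field out of user:role:type:level (e.g. dovecot_t)."""
    return context.split(':')[2] if context else None


def summarize(log_text):
    """Group denials by (source type, target type, object class) -> sorted permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (type_of(rec['scontext']), type_of(rec['tcontext']), rec['tclass'])
        grouped[key].update(rec['perms'])
    return {key: sorted(perms) for key, perms in grouped.items()}


def report(log_text):
    """Human-readable one-line-per-access-path view of the summary."""
    lines = []
    for (src, tgt, tclass), perms in sorted(summarize(log_text).items()):
        lines.append(f"{src} -> {tgt} ({tclass}): {' '.join(perms)}")
    return "\n".join(lines)


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

Reading the grouped output, the first three entries (mysqld_db_t dir search, mysqld_var_run_t sock_file write, mysqld_t unix_stream_socket connectto) are all pieces of one action, the dict process opening the MySQL UNIX socket, while the usr_t file entries are a separate, read-only access to the charset index; keeping them apart is what lets you weigh each one on its own before granting anything in policy.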