[Dovecot] Default SELinux policy on Fedora FC4 prevents dovecot service from starting
Hello,
I recently setup a Fedora FC4 server to host e-mail and webapps. During the install, I turned on SELinux in active mode. All apps seems to work OK but Dovecot daemon won't start. In the audit log, I see this entry when I try to start the dovecot daemon.
type=AVC msg=audit(1141464818.541:40305): avc: denied { read } for pid=1989 comm="dovecot" name=dovecot.pem dev=md2 ino=3646976 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:cert_t tclass=file
type=PATH msg=audit(1141499436.214:3266533): item=0 name="/etc/pki/dovecot/dovecot.pem" inode=3646976 dev=09:02 mode=0100600 ouid=0 ogid=0 rdev=00:00
I put SELinux into permissive mode and Dovecot works OK. Looks like dovecot does not assume the correct security context when it initializes and reads the cert file.
My question for the list is what changes should I make to the SELinux policy to safely permit dovecot to read the file? I'm no expert at SELinux but hoping for some direction, or another way to solve this problem. Ideally, I'd like to keep SELinux in enforcing mode.
Many thanks, Eric
--On Tuesday, March 07, 2006 8:00 PM -0600 slohcine@verizon.net wrote:
My question for the list is what changes should I make to the SELinux policy to safely permit dovecot to read the file? I'm no expert at SELinux but hoping for some direction, or another way to solve this problem. Ideally, I'd like to keep SELinux in enforcing mode.
There's a new fedora-security list. You might want to raise this there.
participants (2)
-
Kenneth Porter
-
slohcine@verizon.net