New dovecot, SELinux problem?
Hello list, after the last update I have an SELinux "problem" with dovecot. My system is CentOS 7.
After a restart of dovecot, SELinux blocks a connection.
Jul 12 16:24:24 mx01 systemd: Starting Dovecot IMAP/POP3 email server...
Jul 12 16:24:54 mx01 systemd: Started Dovecot IMAP/POP3 email server.
Jul 12 16:24:54 mx01 dovecot: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
Jul 12 16:24:54 mx01 dbus[3008]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jul 12 16:24:55 mx01 dbus[3008]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jul 12 16:24:55 mx01 setroubleshoot: SELinux is preventing dovecot from getattr access on the file /proc/sys/fs/suid_dumpable. For complete SELinux messages run: sealert -l c46ae6a7-64c4-49a7-9e3d-477547fb6da8
Jul 12 16:24:55 mx01 python: SELinux is preventing dovecot from getattr access on the file /proc/sys/fs/suid_dumpable.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that dovecot should be allowed getattr access on the suid_dumpable file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'dovecot' --raw | audit2allow -M my-dovecot#012# semodule -i my-dovecot.pp#012
Is this a bad error?
When I install this local policy, I have a problem with SELinux: wrong policy.
sealert -a /var/log/audit/audit.log
13% donetype=AVC msg=audit(1562936830.462:61868): avc: denied { getattr } for pid=31288 comm="dovecot" path="/proc/sys/fs/suid_dumpable" dev="proc" ino=35734 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:proc_security_t:s0 tclass=file permissive=0
**** Invalid AVC allowed in current policy ***
100% done found 0 alerts in /var/log/audit/audit.log
Can anyone tell / help me with a correct installation?
-- best regards,
Günther J. Niederwimmer