[Dovecot] Default SELinux policy on Fedora FC4 prevents dovecot service from starting

slohcine at verizon.net slohcine at verizon.net
Wed Mar 8 04:00:30 EET 2006


Hello,

I recently set up a Fedora FC4 server to host e-mail and webapps. During the install, I turned on SELinux in active mode. All apps seem to work OK but the Dovecot daemon won't start. In the audit log, I see this entry when I try to start the dovecot daemon.

type=AVC msg=audit(1141464818.541:40305): avc:  denied  { read } for  pid=1989 comm="dovecot" name=dovecot.pem dev=md2 ino=3646976 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:cert_t tclass=file

type=PATH msg=audit(1141499436.214:3266533): item=0 name="/etc/pki/dovecot/dovecot.pem" inode=3646976 dev=09:02 mode=0100600 ouid=0 ogid=0 rdev=00:00

I put SELinux into permissive mode and Dovecot works OK. Looks like dovecot does not assume the correct security context when it initializes and reads the cert file. 

My question for the list is what changes should I make to the SELinux policy to safely permit dovecot to read the file? I'm no expert at SELinux but hoping for some direction, or another way to solve this problem. Ideally, I'd like to keep SELinux in enforcing mode. 

Many thanks,
Eric
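
Added example, not part of the original post: a short Python sketch that reads the two audit records quoted above, ties the AVC denial to the full path from the PATH record, and prints the source type, target type, class and permission as a candidate `allow` rule to review. Matching the records by inode number is an assumption made here because the two quoted records carry different event ids; the function names are hypothetical.

```python
import re

# Audit records copied verbatim from the post above.
SAMPLE = """\
type=AVC msg=audit(1141464818.541:40305): avc:  denied  { read } for  pid=1989 comm="dovecot" name=dovecot.pem dev=md2 ino=3646976 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:cert_t tclass=file
type=PATH msg=audit(1141499436.214:3266533): item=0 name="/etc/pki/dovecot/dovecot.pem" inode=3646976 dev=09:02 mode=0100600 ouid=0 ogid=0 rdev=00:00
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Split key=value pairs, dropping quotes around values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}

def sel_type(context):
    """user:role:type[:range] -> type"""
    return context.split(":")[2]

def summarize(log):
    paths, denials = {}, []          # paths: inode -> name from PATH records
    for line in log.splitlines():
        if line.startswith("type=PATH"):
            f = fields(line)
            if "inode" in f and "name" in f:
                paths[f["inode"]] = f["name"]
        elif line.startswith("type=AVC"):
            m = AVC_RE.search(line)
            if m:
                denials.append((m.group("perms").split(), fields(m.group("rest"))))
    out = []
    for perms, f in denials:
        src, tgt = sel_type(f["scontext"]), sel_type(f["tcontext"])
        perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        out.append({
            "comm": f.get("comm"),
            # Assumption: inode alone identifies the file (single filesystem);
            # fall back to the bare name from the AVC record if no PATH matches.
            "path": paths.get(f.get("ino"), f.get("name")),
            "rule": f"allow {src} {tgt}:{f['tclass']} {perm_s};",
        })
    return out

if __name__ == "__main__":
    for denial in summarize(SAMPLE):
        print(denial)
```

For the records in the post this reports that the process type `dovecot_t` was denied `read` on a file labelled `cert_t`, which is the access the policy would have to grant or the label that would have to differ.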


