[Dovecot] deliver triggering SELinux AVC denials
greno at verizon.net
greno at verizon.net
Wed Jan 2 05:36:29 EET 2008
>From: Timo Sirainen <tss at iki.fi>
>Date: 2008/01/01 Tue PM 09:18:05 CST
>To: Gerry Reno <greno at verizon.net>
>Cc: dovecot at dovecot.org
>Subject: Re: [Dovecot] deliver triggering SELinux AVC denials
...
>Set dotlock_use_excl=yes to see what file it's really wanting to create.
Ok, did that. And looking at all the alerts it appears to be any file that deliver is trying to write under /home/vmail.
My users are all virtual and they all exist like:
/home/vmail/example.com/john
typical permissions:
-rw------- 1 vmail vmail 464 2008-01-01 20:06 dovecot.index.log
but for some reason even though deliver is setup to run as vmail:vmail it is still having permission problems.
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}
????
Gerry
More information about the dovecot
mailing list