v2.3.2 released

Reio Remma reio at mrstuudio.ee
Sat Jun 30 11:30:09 EEST 2018


On 30.06.2018 10:55, Reio Remma wrote:
> On 29.06.2018 15:51, Timo Sirainen wrote:
>> https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
>> https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig
>>
>> v2.3.2 is mainly a bugfix release. It contains all the changes in 
>> v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only 
>> bugs). Binary packages are already in https://repo.dovecot.org/
>
> Has something been changed in the CentOS package, especially with 
> SELinux? I just updated from 2.3.1 and now I'm having to add SELinux 
> rules for Dovecot to be able to read files in /etc. I've an sqlite 
> user database in /etc/mail and sieve scripts in /etc/dovecot/sieve, 
> neither are accessible anymore without adding extra SELinux rules.

# This one is now needed to use the sqlite database in /etc/mail
#

module selinux-dovecot-etc 1.0;

require {

         type dovecot_auth_t;

         type etc_mail_t;

         class dir search;

         class file { getattr lock open read write };

}

#============= dovecot_auth_t ==============

allow dovecot_auth_t etc_mail_t:dir search;

allow dovecot_auth_t etc_mail_t:file { getattr lock open read write };


# This module is needed for Dovecot to be able to execute sieve scripts 
in /etc/dovecot/sieve
#

module selinux-dovecot-etc-execute 1.0;

require {

         type dovecot_etc_t;

         type dovecot_t;

         class file { execute execute_no_trans };

}

#============= dovecot_t ==============

allow dovecot_t dovecot_etc_t:file { execute execute_no_trans };


# This module is needed for my spamc scripts to access what it needs
#

module selinux-dovecot-sieve-execute 1.0;

require {

         type var_log_t;

         type dovecot_t;

         type spamc_exec_t;

         type tmpfs_t;

         class lnk_file read;

         class file { execute execute_no_trans getattr open read };

}

#============= dovecot_t ==============

allow dovecot_t spamc_exec_t:file { execute execute_no_trans getattr open read };

allow dovecot_t tmpfs_t:lnk_file read;

allow dovecot_t var_log_t:file open;


None of these modules were needed before upgrade from 2.3.1 on my Centos 
7.5 system.

---
Good luck,
Reio


More information about the dovecot mailing list