Chris Jones wrote:
Paul Howarth wrote:
Chris Jones wrote:
Paul Howarth wrote:
Chris Jones wrote:
Paul Howarth wrote:
On Sun, 2006-06-25 at 23:16 +0100, Chris Jones wrote:
I am using FC5 on a generic Athlon x64 PC. I am having problems
with several services.
1. Dovecot refuses to start. When I attempt to start the service
I get a message in /var/log/messages as follows:
Jun 25 23:05:38 bilbo kernel: audit(1151273138.255:415): avc:
denied { create } for pid=1480 comm="dovecot"
scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
Can anyone here give me a hint on what I need to do to get this
working? From the log message, this seems to be something to do
with selinux.
Indeed it is. Some more diagnostic info would be useful. Can you post
the output of:
# ausearch -a 415
produces the output:
[root@bilbo network-scripts]# ausearch -a 415
-bash: ausearch: command not found
Clearly, I am missing this application. Where should it be? Which RPM?
It's in the "audit" package.
Now when I run this, I get the following response:
[root@bilbo network-scripts]# ausearch -a 415
<no matches>
Have you rebooted since the error happened?
Try this instead:
# fgrep 1151273138.255:415 /var/log/messages
Results in:
Jun 25 23:05:38 bilbo kernel: audit(1151273138.255:415): avc: denied {
create } for pid=1480 comm="dovecot"
scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
Which is the last time I tried to start dovecot yesterday.
Having started the auditd service and then tried to start dovecot, I see
the following in the audit log file:
type=AVC msg=audit(1151335194.177:97): avc: denied { create } for
pid=7668 comm="dovecot" scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
type=SYSCALL msg=audit(1151335194.177:97): arch=c000003e syscall=41
success=no exit=-13 a0=0 a1=1 a2=0 a3=521040 items=0 pid=7668
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="dovecot" exe="/usr/sbin/dovecot"
type=AVC msg=audit(1151335246.188:98): avc: denied { create } for
pid=7682 comm="dovecot" scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
type=SYSCALL msg=audit(1151335246.188:98): arch=c000003e syscall=41
success=no exit=-13 a0=0 a1=1 a2=0 a3=521040 items=0 pid=7682
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="dovecot" exe="/usr/sbin/dovecot"
and a call to ausearch -a 98 gives:
[root@bilbo audit]# ausearch -a 98
----
time->Mon Jun 26 16:20:46 2006
type=SYSCALL msg=audit(1151335246.188:98): arch=c000003e syscall=41
success=no exit=-13 a0=0 a1=1 a2=0 a3=521040 items=0 pid=7682
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="dovecot" exe="/usr/sbin/dovecot"
type=AVC msg=audit(1151335246.188:98): avc: denied { create } for
pid=7682 comm="dovecot" scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
[root@bilbo audit]#
Well you're doing something that's not currently in the dovecot policy.
Are you doing anything "unusual" in your dovecot.conf?
I've got a pretty "vanilla" setup, which doesn't need any SELinux tweaking:
# grep '^ *[^ #]' /etc/dovecot.conf
protocols = imap imaps
ssl_cert_file = /etc/pki/tls/certs/city-fan-imap.crt
ssl_key_file = /etc/pki/tls/certs/city-fan-imap.key
default_mail_env = maildir:%h/mail/inbox
maildir_copy_with_hardlinks = yes
protocol imap {
listen = 127.0.0.1
ssl_listen = *
}
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
postmaster_address = postmaster@xxxxxxxxxxx
}
auth default {
mechanisms = plain
passdb pam {
}
userdb passwd {
}
user = root
}
plugin {
}
It's pretty easy to fix the issue you're having in FC5, but I'd like to
understand it first...
Paul.