F19-mailserver & selinux complains
Cristian Sava
csava at central.ucv.ro
Wed Jun 5 06:18:51 UTC 2013
On Tue, 2013-06-04 at 08:08 -0700, Adam Williamson wrote:
> On Tue, 2013-06-04 at 12:06 +0300, Cristian Sava wrote:
> > I am trying to activate selinux for my mailserver.
> > It is F19 postfix_courier_amavisd-new_clamav_squirrelmail install in a
> > virtual environment. All needed is stock or was packaged on F19
> > (rpmbuild -ta ... / rpmbuild -ba ...) and all is working fine (selinux
> > disabled). No tar.gz directly installed.
> > I am trying to fix things one by one. Any advice is welcome. When
> > receiving a message selinux complain (permissive):
> >
> > SELinux is preventing /usr/sbin/courierlogger from getattr access on the
> > file /var/spool/authdaemon/pid.
> >
> > ***** Plugin catchall (100. confidence) suggests
> > ***************************
> >
> > If you believe that courierlogger should be allowed getattr access on
> > the pid file by default.
> > Then you should report this as a bug.
>
> If I were you, I'd do that.
>
> Well no, that's a lie. If I were you I'd stop using Courier and start
> using Dovecot, because it's better. From what I've seen, most people who
> run IMAP servers made that switch already, which may explain why Courier
> has apparently grown an SELinux issue you'd think would have been fixed
> already.
I will consider your suggestion but this may take time and testing. It
is not for today or tomorrow and not all the people will agree with us.
Courier is a robust and well working piece in a mail server so it's a
much simpler solution to disable or even uninstall selinux (why don't we
have an install time option do it).
I like very much selinux (when there is a simple way to configure it)
but I will not abandon courier just for that and many will agree with
me.
C. Sava
More information about the test
mailing list