----- Original Message -----
From: "Daniel J Walsh" <dwalsh(a)redhat.com>
To: "Mark Evers" <beheer(a)net-care.nl>
Sent: Wednesday, December 14, 2005 11:14 PM
Subject: Re: Still having problems with SELinux and Dovecot
Mark Evers wrote:
> The file was created by a regular "yum install dovecot", and I altered it
> later using nano.
> The weird thing is, when it runs it keeps running, sometimes when I
> reboot it isn't blocked by SELinux, but most times it is.
>
> I just did the "restorecon /etc/dovecot.conf" and rebooted and it started
> fine
>
>> Basically its context is wrong, should be dovecot_etc_t not
>> etc_runtime_t.
>
> Errrr??
>
>
> ----- Original Message -----
> From: "Daniel J Walsh" <dwalsh(a)redhat.com>
> To: "Mark Evers" <beheer(a)net-care.nl>
> Cc: <fedora-selinux-list(a)redhat.com>
> Sent: Wednesday, December 14, 2005 10:51 PM
> Subject: Re: Still having problems with SELinux and Dovecot
>
>
>> Mark Evers wrote:
>>> Well, I still have problems with SELinux and Dovecot, when I do a
>>> reboot I get an error
>>> Starting Dovecot Imap: Fatal: Can't open configuration file
>>> /etc/dovecot.conf: Permission denied
>>> and in the audit.log i find this error
>>> type=AVC msg=audit(1134595859.843:208): avc: denied { read } for
>>> pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586
>>> scontext=system_u:system_r:dovecot_t
>>> tcontext=system_u:object_r:etc_runtime_t tclass=file
>>> type=SYSCALL msg=audit(1134595859.843:208): arch=40000003 syscall=5
>>> success=no exit=-13 a0=8058a3e a1=8000 a2=0 a3=8000 items=1 pid=26990
>>> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>>> comm="dovecot" exe="/usr/sbin/dovecot"
>>> type=CWD msg=audit(1134595859.843:208):
>>> cwd="/usr/libexec/webmin/dovecot"
>>> type=PATH msg=audit(1134595859.843:208): item=0
>>> name="/etc/dovecot.conf" flags=101 inode=197586 dev=fd:00 mode=0100644
>>> ouid=0 ogid=0 rdev=00:00
>>> I can only fix this by doing a "fixfiles relabel" and "touch
>>> ./autorelabel" and then it works again, till the next reboot..
>>> Is there a way to fix this? or is there a way to exclude dovecot from
>>> SELinux??
>>>
>> restorecon /etc/dovecot.conf
>>
>> How does that file get created? Is it being created by an init script?
>>
>> Basically its context is wrong, should be dovecot_etc_t not
>> etc_runtime_t.
>>
Well, watch that file context and make sure no init script is replacing
that file.
I'll keep an eye on it, thanks.
>>> Mark Evers
--
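
Added example (not part of the original thread or of any poster's own tooling): a small Python check that pairs each AVC denial with the PATH record of the same audit event and flags files whose target type differs from the expected one. The `EXPECTED_TYPE` table and the function names are assumptions for illustration; the log records are the ones quoted in the thread, rejoined onto single lines.

```python
import re

# Assumed mapping built from the thread: the reply says /etc/dovecot.conf
# should be dovecot_etc_t. Extend it to match your own policy.
EXPECTED_TYPE = {"/etc/dovecot.conf": "dovecot_etc_t"}

# Audit records quoted in the thread, rejoined onto single lines.
SAMPLE_LOG = """\
type=AVC msg=audit(1134595859.843:208): avc: denied { read } for pid=26990 comm="dovecot" name="dovecot.conf" dev=dm-0 ino=197586 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:etc_runtime_t tclass=file
type=PATH msg=audit(1134595859.843:208): item=0 name="/etc/dovecot.conf" flags=101 inode=197586 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
"""

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
PERMS_RE = re.compile(r'denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_fields(body):
    """Turn key=value pairs of one audit record into a dict, unquoting values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(body)}

def find_mislabeled(log_text, expected=EXPECTED_TYPE):
    """Return denials whose target file carries a type other than the expected one."""
    avcs, paths = [], {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = parse_fields(body)
        if rtype == "AVC" and "tcontext" in fields and PERMS_RE.search(body):
            fields["perms"] = PERMS_RE.search(body).group(1).split()
            avcs.append((event_id, fields))
        elif rtype == "PATH":
            # The AVC record only has the basename; PATH has the full name.
            paths.setdefault(event_id, {})[fields.get("inode")] = fields.get("name")
    findings = []
    for event_id, f in avcs:
        path = paths.get(event_id, {}).get(f.get("ino"))
        actual = f["tcontext"].split(":")[2]   # user:role:type
        want = expected.get(path)
        if want and actual != want:
            findings.append({"path": path, "perms": f["perms"],
                             "source": f["scontext"].split(":")[2],
                             "actual": actual, "expected": want})
    return findings

if __name__ == "__main__":
    for hit in find_mislabeled(SAMPLE_LOG):
        print("{path}: {source} denied {perms}; type is {actual}, expected {expected}".format(**hit))
```

Run against a live audit.log after each reboot, a hit on the same path shows that something relabeled or replaced the file since the last `restorecon`.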