dovecot wants to access squid cache dir

Daniel J Walsh dwalsh at redhat.com
Mon Mar 12 15:03:06 UTC 2007


Vikram Goyal wrote:
> hello,
>
> I am using FC6. Running selinux in targeted mode.
>
> selinux-policy-targeted-2.4.6-41
> dovecot-1.0-1.1.rc15.fc6
>
> Using dovecot I get the following audit messages.
> ----------------------------------------------------------------
> type=USER_AUTH msg=audit(1173532461.741:31): user pid=14121 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct=vikram : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=success)'
> type=USER_ACCT msg=audit(1173532461.753:32): user pid=14121 uid=0 auid=500 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: accounting acct=vikram : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:127.0.0.1, addr=::ffff:127.0.0.1, terminal=dovecot res=success)'
> type=AVC msg=audit(1173532461.781:33): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda6 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
> type=SYSCALL msg=audit(1173532461.781:33): arch=40000003 syscall=195 success=no exit=-13 a0=8f6a942 a1=bfff2068 a2=a5bff4 a3=8f6a94d items=0 ppid=14104 pid=14124 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=500 sgid=0 fsgid=500 tty=(none) comm="dovecot" exe="/usr/sbin/dovecot" subj=user_u:system_r:dovecot_t:s0 key=(null)
> type=AVC_PATH msg=audit(1173532461.781:33):  path="/usr/sbin"
> type=AVC msg=audit(1173532461.785:34): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda11 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:squid_cache_t:s0 tclass=dir
> type=SYSCALL msg=audit(1173532461.785:34): arch=40000003 syscall=195 success=no exit=-13 a0=8f6a943 a1=bfff2068 a2=a5bff4 a3=8f6a955 items=0 ppid=14104 pid=14124 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=500 sgid=0 fsgid=500 tty=(none) comm="dovecot" exe="/usr/sbin/dovecot" subj=user_u:system_r:dovecot_t:s0 key=(null)
> type=AVC_PATH msg=audit(1173532461.785:34):  path="/var/spool/squid"
> ----------------------------------------------------------------
>
> The advice audit2allow gives me:
>
> [root@fc6host ~]# audit2allow
> allow dovecot_t sbin_t:dir getattr;
>   
I will add to next policy
> allow dovecot_t squid_cache_t:dir getattr;
>   
Probably should be dontaudited; looks like dovecot is just listing /var/spool.
> I have allowed it for now but I'm not sure.
>
> Please advise.
>
> Thanks!
>   
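
An added example, not part of the original thread: a small Python parser that joins each AVC denial quoted above to its AVC_PATH record by audit event serial and emits a candidate rule with the path as a comment, using dontaudit instead of allow for target types chosen to be silenced (squid_cache_t here, following the reply). The function names and the `dontaudit_targets` parameter are assumptions made for this illustration.

```python
import re

# AVC and AVC_PATH records copied from the message above (SYSCALL records omitted).
SAMPLE = '''\
type=AVC msg=audit(1173532461.781:33): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda6 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
type=AVC_PATH msg=audit(1173532461.781:33):  path="/usr/sbin"
type=AVC msg=audit(1173532461.785:34): avc:  denied  { getattr } for  pid=14124 comm="dovecot" name="/" dev=sda11 ino=2 scontext=user_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:squid_cache_t:s0 tclass=dir
type=AVC_PATH msg=audit(1173532461.785:34):  path="/var/spool/squid"
'''

HEADER = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\):')
AVC = re.compile(r'denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\w+)')
PATH = re.compile(r'path="([^"]*)"')

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(':')[2]

def correlate(log):
    """Join AVC and AVC_PATH records that share an audit event serial."""
    events = {}
    for line in log.splitlines():
        h = HEADER.search(line)
        if not h:
            continue
        rec_type, serial = h.group(1), int(h.group(2))
        ev = events.setdefault(serial, {})
        if rec_type == 'AVC' and (m := AVC.search(line)):
            perms, scon, tcon, tclass = m.groups()
            ev.update(perms=perms.split(), source=sel_type(scon),
                      target=sel_type(tcon), tclass=tclass)
        elif rec_type == 'AVC_PATH' and (m := PATH.search(line)):
            ev['path'] = m.group(1)
    return [ev for _, ev in sorted(events.items()) if 'perms' in ev]

def rules(log, dontaudit_targets=frozenset()):
    """Emit one rule per denial; targets in dontaudit_targets are silenced, not allowed."""
    out = []
    for ev in correlate(log):
        verb = 'dontaudit' if ev['target'] in dontaudit_targets else 'allow'
        perms = ev['perms'][0] if len(ev['perms']) == 1 else '{ %s }' % ' '.join(ev['perms'])
        out.append('%s %s %s:%s %s;  # %s' % (verb, ev['source'], ev['target'],
                   ev['tclass'], perms, ev.get('path', '?')))
    return out

if __name__ == '__main__':
    print('\n'.join(rules(SAMPLE, {'squid_cache_t'})))
```

Seeing the path beside each rule shows which directory the rule would open up before it goes into a local policy module.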



