Hi,
I'm trying to grant dovecot the ability to manage its socket within the postfix spool directory.
I have added the below to file_contexts.local :
/var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0
However, running "restorecon -v /var/spool/postfix/private/dovecot-auth" gives me the following error :
restorecon: lstat(/var/spool/postfix/private/dovecot-auth) failed: No such file or directory
I cannot create the socket file in advance, because dovecot manages it, and if you "touch" the file, dovecot complains.
Where am I going wrong ?
Thanks !
Tim
Hello,
restorecon works only for existing files; for new files you are looking for a file transition rule.
Google that; there are plenty of articles on that topic, for example:
https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition
LZ
2017-01-23 19:57 GMT+01:00 Tim Smith r.a.n.d.o.m.d.e.v.4+centos@gmail.com:
> Hi,
> I'm trying to grant dovecot the ability to manage its socket within the postfix spool directory.
> I have added the below to file_contexts.local :
> /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0
> However, running "restorecon -v /var/spool/postfix/private/dovecot-auth" gives me the following error :
> restorecon: lstat(/var/spool/postfix/private/dovecot-auth) failed: No such file or directory
> I cannot create the socket file in advance, because dovecot manages it, and if you "touch" the file, dovecot complains.
> Where am I going wrong ?
> Thanks !
> Tim
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
Thanks for the pointer, will take a look down that route.
Could you confirm the below is expected behaviour on Centos ?
# semanage fcontext -a -t my_postfixauth_private_t "/var/spool/postfix/private(/.*)?"
ValueError: Type my_postfixauth_private_t is invalid, must be a file or device type
On 23 January 2017 at 19:06, Lukas Zapletal lukas@zapletalovi.com wrote:
> Hello,
> restorecon works only for existing files, for new files you are looking for file transition rule.
> Google that out, there is plenty of articles on that topic, for example:
> https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition
> LZ
On 23.01.2017 at 23:44, Tim Smith wrote:
> Thanks for the pointer, will take a look down that route.
> Could you confirm the below is expected behaviour on Centos ?
> # semanage fcontext -a -t my_postfixauth_private_t "/var/spool/postfix/private(/.*)?"
> ValueError: Type my_postfixauth_private_t is invalid, must be a file or device type
Did you define my_postfixauth_private_t yourself? And if so, why?
All my sockets inside /var/spool/postfix/private/ have the type postfix_private_t. I don't see why you think a non-standard type would fit. And postfix_private_t gets automatically assigned and a custom fcontext should not be necessary.
Alexander
> Did you define my_postfixauth_private_t yourself? And if so, why?
> All my sockets inside /var/spool/postfix/private/ have the type postfix_private_t. I don't see why you think a non-standard type would fit. And postfix_private_t gets automatically assigned and a custom fcontext should not be necessary.
> Alexander
I just gave up in the end and did what you're (apparently) not supposed to do .....
fgrep dovecot_t /var/log/audit/audit.log | audit2allow
The output moaned about base types, but googling that just led me into the murky depths of even more confusing selinux wizardry. So I gave up trying to fix that too.... by that point I had wasted three days trying to get Dovecot working and wasn't about to waste another three figuring how to get around the "base types" complaints.
I love the concept of selinux but boy do I wish the developers wouldn't have made it quite so obscure and complicated to work with !!
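Added example, not part of the thread and not audit2allow's own code: a Python sketch of what the `fgrep dovecot_t ... | audit2allow` step above reduces the log to, grouping AVC denials by source type, target type and object class so the resulting allow rules can be read before anything is loaded. The audit.log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1485210000.101:801): avc:  denied  { write } for  pid=2101 comm="dovecot" name="private" dev="dm-0" ino=4711 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:postfix_private_t:s0 tclass=dir
type=AVC msg=audit(1485210000.102:802): avc:  denied  { add_name } for  pid=2101 comm="dovecot" name="dovecot-auth" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:postfix_private_t:s0 tclass=dir
type=AVC msg=audit(1485210000.103:803): avc:  denied  { create } for  pid=2101 comm="dovecot" name="dovecot-auth" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:postfix_private_t:s0 tclass=sock_file
type=AVC msg=audit(1485210000.104:804): avc:  granted  { read } for  pid=2101 comm="dovecot" name="dovecot.conf" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:dovecot_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1485210000.103:803): arch=c000003e syscall=49 success=no exit=-13 comm="dovecot"
"""

# Only "denied" AVC records are of interest; granted and non-AVC records are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<s>\S+).*?tcontext=(?P<t>\S+).*?tclass=(?P<cls>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def summarize_denials(log_text, source_type):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or context_type(m["s"]) != source_type:
            continue
        key = (source_type, context_type(m["t"]), m["cls"])
        rules[key].update(m["perms"].split())
    return dict(rules)


def to_allow_rules(rules):
    """Render the grouped denials as the allow rules they would turn into."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return out


if __name__ == "__main__":
    for rule in to_allow_rules(summarize_denials(SAMPLE_LOG, "dovecot_t")):
        print(rule)
```
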
This last update caused numerous services to stop working for me. I fixed them with a relabel.
touch /.autorelabel
reboot
Try that and see...
Mike