On 04/26/2017 08:04 AM, Gordon Messmer wrote:
> On 04/25/2017 10:29 PM, Robert Moskowitz wrote:
>> did not work. it was set off, so I turned it on and tried it out.
>> Got the same errors:
>>
>> Apr 26 01:25:45 z9m9z dovecot: dict: Error:
>> mysql(/var/lib/mysql/mysql.sock): Connect failed to database
>> (postfix): Can't connect to local MySQL server through socket
>> '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
>
> OK. Re-install the policy, "tail -f /var/log/audit/audit.log" and
> then try to use dovecot. You're looking for an AVC. What do you see?

This takes two SSH connections for testing.

No AVC. See end for the messages.

>
>> You would think that the mysql people would have a boolean to allow
>> specific apps to access the socket.
>
> That's not how SELinux works. The policy on mysql doesn't control
> what clients do. The clients have their own policies (or don't, many
> apps run unconfined).

So many of the howtos for this kind of set up call for disabling SELinux. Perhaps this is why...

Here are the messages:

type=SYSCALL msg=audit(1493187952.091:28323): arch=40000028 syscall=11 per=800000 success=yes exit=0 a0=45388b0 a1=35ead30 a2=5264b40 a3=100 items=0 ppid=7341 pid=11879 auid=4294967295 uid=994 gid=991 euid=994 suid=994 fsuid=994 egid=991 sgid=991 fsgid=991 tty=(none) ses=4294967295 comm="file" exe="/usr/bin/file" subj=system_u:system_r:init_t:s0 key=(null)
type=PROCTITLE msg=audit(1493187952.091:28323): proctitle=2F7573722F62696E2F66696C650070303031
type=ANOM_ABEND msg=audit(1493187955.055:28324): auid=4294967295 uid=97 gid=97 ses=4294967295 subj=system_u:system_r:dovecot_t:s0 pid=11893 comm="dict" exe="/usr/libexec/dovecot/dict" sig=6
type=USER_ACCT msg=audit(1493187961.642:28325): pid=11895 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1493187961.645:28326): pid=11895 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1493187961.653:28327): pid=11895 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3927 res=1
type=USER_START msg=audit(1493187961.910:28328): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1493187961.922:28329): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1493187962.135:28330): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1493187962.148:28331): pid=11895 uid=0 auid=0 ses=3927 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=SELINUX_ERR msg=audit(1493188004.599:28332): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:unconfined_service_t:s0
type=SYSCALL msg=audit(1493188004.599:28332): arch=40000028 syscall=11 per=800000 success=yes exit=0 a0=45388b0 a1=522fe00 a2=5266cf0 a3=100 items=0 ppid=7342 pid=11918 auid=4294967295 uid=994 gid=991 euid=994 suid=994 fsuid=994 egid=991 sgid=991 fsgid=991 tty=(none) ses=4294967295 comm="file" exe="/usr/bin/file" subj=system_u:system_r:init_t:s0 key=(null)
type=PROCTITLE msg=audit(1493188004.599:28332): proctitle=2F7573722F62696E2F66696C650070303031
type=ANOM_ABEND msg=audit(1493188006.218:28333): auid=4294967295 uid=97 gid=97 ses=4294967295 subj=system_u:system_r:dovecot_t:s0 pid=11921 comm="dict" exe="/usr/libexec/dovecot/dict" sig=6
type=USER_ACCT msg=audit(1493188021.284:28334): pid=11923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1493188021.289:28335): pid=11923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1493188021.293:28336): pid=11923 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3928 res=1
type=USER_START msg=audit(1493188021.528:28337): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1493188021.532:28338): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1493188021.734:28339): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1493188021.746:28340): pid=11923 uid=0 auid=0 ses=3928 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
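
The triage step requested in the thread ("You're looking for an AVC"), as an added example that is not part of the original messages: it groups audit records by event serial, drops the cron/PAM noise, and decodes the hex `proctitle` so the SELinux-relevant events stand out. The function names and the set of "interesting" record types are assumptions made for this example.

```python
import re
from collections import defaultdict

# Record types to read first when a confined daemon fails (a choice made for this example).
INTERESTING = {"AVC", "USER_AVC", "SELINUX_ERR", "ANOM_ABEND"}
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$")
FIELD = re.compile(r'(\S+?)=("[^"]*"|\S+)')
# Records copied from the message above; the SYSCALL line is abridged.
SAMPLE = """\
type=SELINUX_ERR msg=audit(1493188004.599:28332): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:unconfined_service_t:s0
type=SYSCALL msg=audit(1493188004.599:28332): arch=40000028 syscall=11 success=yes exit=0 ppid=7342 pid=11918 uid=994 comm="file" exe="/usr/bin/file" subj=system_u:system_r:init_t:s0 key=(null)
type=PROCTITLE msg=audit(1493188004.599:28332): proctitle=2F7573722F62696E2F66696C650070303031
type=ANOM_ABEND msg=audit(1493188006.218:28333): auid=4294967295 uid=97 gid=97 ses=4294967295 subj=system_u:system_r:dovecot_t:s0 pid=11921 comm="dict" exe="/usr/libexec/dovecot/dict" sig=6
type=LOGIN msg=audit(1493188021.293:28336): pid=11923 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3928 res=1
""".splitlines()

def parse(line):
    """Split one audit record into type, event serial and raw key=value fields."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, _ts, serial, rest = m.groups()
    return {"type": rtype, "serial": int(serial), "fields": dict(FIELD.findall(rest))}

def decode_proctitle(raw):
    """auditd hex-encodes argv with NUL separators; quoted values are literal."""
    if raw.startswith('"'):
        return raw.strip('"')
    return bytes.fromhex(raw).replace(b"\0", b" ").decode(errors="replace")

def triage(lines):
    """Group records by event serial; report only events with an interesting type."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec["serial"]].append(rec)
    findings = []
    for serial in sorted(events):
        recs = events[serial]
        titles = [r["fields"]["proctitle"] for r in recs if r["type"] == "PROCTITLE"]
        for r in recs:
            if r["type"] in INTERESTING:
                f = r["fields"]
                findings.append({"serial": serial, "type": r["type"],
                                 "context": f.get("subj") or f.get("oldcontext"),
                                 "comm": f.get("comm", "").strip('"') or None,
                                 "cmd": decode_proctitle(titles[0]) if titles else None})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

On a live system the equivalent filter is `ausearch -m AVC,USER_AVC,SELINUX_ERR -ts recent`; when a denial produces no AVC record, `semodule -DB` rebuilds the policy with dontaudit rules disabled so suppressed denials are logged (`semodule -B` restores them).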