[CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

Fri Apr 28 16:36:21 UTC 2017
Gordon Messmer <gordon.messmer at gmail.com>

On 04/28/2017 12:06 AM, Robert Moskowitz wrote:
> Here are the messages I got:
> type=AVC msg=audit(1493361695.041:49205): avc:  denied  { rlimitinh } 
> for  pid=3047 comm="cleanup" 
> scontext=system_u:system_r:postfix_master_t:s0 
> tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process 
> permissive=1

My advice would be to slow down, and solve one problem at a time. We 
were talking about testing dovecot, and now you're testing postfix.  I 
know you need them both to work, but these are separate services, with 
their own individual policies.  If you're going to submit a bug report, 
you need to be able to specifically describe the problem and the 
solution.  You're not going to do that by mixing different services 

> sendmail -i testit3 at test.htt-consult.com < 
> /usr/share/doc/amavisd-new-2.10.1/test-messages/README
> It failed accessing mysql with the following maillog messages:

Yes, but the policy you added earlier only granted MySQL access to 
dovecot.  For postfix, you'll want to check for booleans first and then 
create a policy (without debugging AVCs) if no boolean exists, and then 
look at debugging AVCs if there are still issues (which is *almost* 
never the case).

> When I get home Monday, I am going to rebuild the server.

That would be good.  Keep a log of *all* of the changes you make to the 
system, from the very beginning.  Once you resolve the problem, rebuild 
the server again and follow your log.