[CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

[Rob Kampen]

On 26/04/17 17:29, Robert Moskowitz wrote:
>
>
> On 04/26/2017 04:22 AM, Gordon Messmer wrote:
>> On 04/25/2017 03:25 PM, Robert Moskowitz wrote:
>>> This made the same content as before that caused problems:
>>
>> I still don't understand, exactly.  Are you seeing *new* problems 
>> after installing a policy?  What are the problems?
>>
>>> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your 
>>> system.
>>> #!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock
>>> #!!!! This avc can be allowed using the boolean 
>>> 'daemons_enable_cluster_mode'
>>> allow dovecot_t mysqld_t:unix_stream_socket connectto;
>>>
>>> What do these 3 comments mean?
>>
>> I'm not sure about the first two.  The context you see is the same I 
>> see on the one system where I run mysqld.  Running restorecon doesn't 
>> change that context.
>>
>> As for the latter, it sounds like you should be able to remove your 
>> custom policy and "setsebool -P daemons_enable_cluster_mode 1" to 
>> allow dovecot to connect to mysql.
>
> did not work.  it was set off, so I turned it on and tried it out. Got 
> the same errors:
>
> Apr 26 01:25:45 z9m9z dovecot: dict: Error: 
> mysql(/var/lib/mysql/mysql.sock): Connect failed to database 
> (postfix): Can't connect to local MySQL server through socket 
> '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
> Apr 26 01:25:45 z9m9z dovecot: dict: Error: dict sql lookup failed: 
> Not connected to database
>
how have you specified your mysql server host? as localhost, 127.0.0.1 
or as the hosts IP address? In my experience it needs to be localhost or 
127.0.0.1 and these are also defined in /etc/hosts
hth
> You would think that the mysql people would have a boolean to allow 
> specific apps to access the socket.
>
> And document it.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos