[CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

On 04/26/2017 04:22 AM, Gordon Messmer wrote:
> On 04/25/2017 03:25 PM, Robert Moskowitz wrote:
>> This made the same content as before that caused problems:
>
> I still don't understand, exactly.  Are you seeing *new* problems 
> after installing a policy?  What are the problems?
>
>> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.
>> #!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock
>> #!!!! This avc can be allowed using the boolean 
>> 'daemons_enable_cluster_mode'
>> allow dovecot_t mysqld_t:unix_stream_socket connectto;
>>
>> What do these 3 comments mean?
>
> I'm not sure about the first two.  The context you see is the same I 
> see on the one system where I run mysqld.  Running restorecon doesn't 
> change that context.
>
> As for the latter, it sounds like you should be able to remove your 
> custom policy and "setsebool -P daemons_enable_cluster_mode 1" to 
> allow dovecot to connect to mysql.

did not work.  it was set off, so I turned it on and tried it out. Got 
the same errors:

Apr 26 01:25:45 z9m9z dovecot: dict: Error: 
mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): 
Can't connect to local MySQL server through socket 
'/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
Apr 26 01:25:45 z9m9z dovecot: dict: Error: dict sql lookup failed: Not 
connected to database

You would think that the mysql people would have a boolean to allow 
specific apps to access the socket.

And document it.