[CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

Wed Apr 26 06:55:58 UTC 2017
Phoenix, Merka <merka.phoenix at hpe.com>

Robert,

in regard to your Postfix and Dovecot issue with MySQL and SELinux,

> Apr 26 01:25:45 z9m9z dovecot: dict: Error: 
> mysql(/var/lib/mysql/mysql.sock): Connect failed to database 
> (postfix): Can't connect to local MySQL server through socket 
> '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
> Apr 26 01:25:45 z9m9z dovecot: dict: Error: dict sql lookup failed: 
> Not connected to database
>

A Google search brought up this write-up of how William (a Red Hat engineer in Australia) faced this in 2011 and was able to solve the issue. His blog still has recent posts in 2017, so you might want to browse the "about" page and contact him directly to discuss the post.

See: http://firstyear.id.au/blog/html/2011/07/05/SELinux_for_postfix_+_dovecot.html

In the post referenced above, the author has a sample SELinux policy for postfix/dovecot and mysql.
While the post references an e-mail setup guide link that is no longer reachable, the policy file is still present in text.

This URL: https://mgrepl.fedorapeople.org/man_selinux/Fedora18/mysqld.html
has a good summary of the Booleans available for the MySQL SELinux policy.

For Dovecot, you will need a policy that allows the dovecot process to transition from whatever context it is currently running into the applicable context that is defined for the mysqld process (or at least some SELinux context that permits access to the socket.)

Cheers!

Simba
Engineering
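
Added example, not part of the original post: a small parser that summarizes AVC denials from audit.log to show which context the Dovecot process runs in and which context guards the MySQL socket, then prints candidate allow rules for review. The log lines are constructed, and the types dovecot_t, mysqld_t and mysqld_var_run_t in them are assumptions; the real ones come from the affected host's own audit log.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from the original post). The SELinux
# types shown are assumptions for illustration only.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1493169945.101:811): avc:  denied  { write } for  pid=2211 comm="dict" name="mysql.sock" dev="dm-0" ino=393301 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1493169945.102:812): avc:  denied  { connectto } for  pid=2211 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1493169946.200:813): avc:  denied  { write } for  pid=2211 comm="dict" name="mysql.sock" dev="dm-0" ino=393301 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1493169950.300:820): avc:  denied  { read } for  pid=3120 comm="httpd" name="example.conf" dev="dm-0" ino=401122 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1493169945.102:812): arch=c000003e syscall=42 success=no exit=-13 comm="dict"
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def summarize_denials(log_text, comm_filter=None):
    """Group denied permissions by (source type, target type, object class)."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL records and other non-AVC lines
        if comm_filter and m["comm"] not in comm_filter:
            continue  # denial belongs to an unrelated process
        src, tgt = context_type(m["scon"]), context_type(m["tcon"])
        if src and tgt:
            denials[(src, tgt, m["tclass"])].update(m["perms"].split())
    return dict(denials)

def candidate_rules(denials):
    """Render each group as a policy 'allow' line, sorted for stable output."""
    rules = []
    for (src, tgt, tclass), perms in sorted(denials.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    # "dict" is the Dovecot helper named in the error lines quoted above.
    for rule in candidate_rules(summarize_denials(SAMPLE_AUDIT_LOG, {"dict"})):
        print(rule)
```

Read the output as a list of what was denied, and check each line against the available Booleans before putting anything into a local policy module.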