Package: selinux-policy-default
Version: 2:2.20110726-9
Severity: important

Dear Maintainer,

   * What led up to the situation?

Trying to use IMAP mail with dovecot while system was in selinux enforcing mode.

   * What exactly did you do (or not do) that was effective (or ineffective)?

User login to dovecot IMAP server with "setenforce 0" and "setenforce 1".

   * What was the outcome of this action?

Login was denied despite the username and password being correct when enforcing was active. audit.log indicated that the /usr/lib/dovecot/auth executable was denied access to shadow.

Added fcontext for:

/usr/lib/dovecot/auth                  regular file  system_u:object_r:dovecot_auth_exec_t:s0
/usr/lib/dovecot/dovecot-lda           regular file  system_u:object_r:lda_exec_t:s0
/usr/lib/dovecot/libdovecot.*\.so.*    regular file  system_u:object_r:lib_t:s0

...and "restorecon -rv /usr/lib/dovecot" fixed the issue.

   * What outcome did you expect instead?

Login to IMAP server should work when selinux is in enforcing mode.

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7
ii  libselinux1      2.1.9-2
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-1
ii  python           2.7.2-10

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-2

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local changed:
/usr/lib/dovecot/auth    --    system_u:object_r:dovecot_auth_exec_t:s0
/usr/lib/dovecot/dovecot-lda    --    system_u:object_r:lda_exec_t:s0
/usr/lib/dovecot/libdovecot.*\.so.*    --    system_u:object_r:lib_t:s0

-- no debconf information
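An added example, not part of the original report or of the policy package: a small Python check that matches paths against the three file_contexts.local entries quoted above and lists files whose current label differs from the expected one, roughly what a dry-run relabel would flag. The observed labels in OBSERVED are constructed sample data, and "last matching entry wins" is a simplification of how the real lookup orders entries.

```python
import re

# The three entries from the report's file_contexts.local: regex, file type, context.
LOCAL_FCONTEXT = r"""
/usr/lib/dovecot/auth    --    system_u:object_r:dovecot_auth_exec_t:s0
/usr/lib/dovecot/dovecot-lda    --    system_u:object_r:lda_exec_t:s0
/usr/lib/dovecot/libdovecot.*\.so.*    --    system_u:object_r:lib_t:s0
"""

# Constructed sample of current labels (not taken from the report).
OBSERVED = {
    "/usr/lib/dovecot/auth": "system_u:object_r:lib_t:s0",
    "/usr/lib/dovecot/dovecot-lda": "system_u:object_r:lda_exec_t:s0",
    "/usr/lib/dovecot/libdovecot-storage.so.0": "system_u:object_r:lib_t:s0",
    "/usr/lib/dovecot/imap": "system_u:object_r:lib_t:s0",
}

def parse_fcontext(text):
    """Parse 'regex [filetype] context' lines into (regex, filetype, context)."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 3:
            pattern, ftype, context = fields
        elif len(fields) == 2:          # no file type given: applies to any type
            (pattern, context), ftype = fields, None
        else:
            raise ValueError("malformed file_contexts line: %r" % line)
        specs.append((re.compile(pattern), ftype, context))
    return specs

def expected_context(specs, path, ftype="--"):
    """Context a path should carry; '--' means regular file, '-d' directory."""
    result = None
    for regex, spec_type, context in specs:
        # file_contexts regexes are anchored at both ends, hence fullmatch.
        if spec_type in (None, ftype) and regex.fullmatch(path):
            result = context            # simplification: last matching line wins
    return result

def mislabeled(specs, observed):
    """Return (path, current, expected) for files whose label needs fixing."""
    out = []
    for path, current in sorted(observed.items()):
        want = expected_context(specs, path)
        if want is not None and want != current:
            out.append((path, current, want))
    return out

if __name__ == "__main__":
    for path, current, want in mislabeled(parse_fcontext(LOCAL_FCONTEXT), OBSERVED):
        print("%s: %s -> %s" % (path, current, want))
```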