I set up postfix/dovecot on a new machine and now all works well, with the small exception of dovecot triggering SELinux AVC denials on some temp... files. Here is a sample alert:

Summary
   SELinux is preventing /usr/libexec/dovecot/deliver (dovecot_deliver_t)
   "link" to temp.localhost.678.40caaf5592891c46 (user_home_dir_t).

Detailed Description
   SELinux denied access requested by /usr/libexec/dovecot/deliver. It is not
   expected that this access is required by /usr/libexec/dovecot/deliver and
   this access may signal an intrusion attempt. It is also possible that the
   specific version or configuration of the application is causing it to
   require additional access.

Allowing Access
   Sometimes labeling problems can cause SELinux denials.  You could try to
   restore the default system file context for
   temp.localhost.678.40caaf5592891c46, restorecon -v
   temp.localhost.678.40caaf5592891c46 If this does not work, there is
   currently no automatic way to allow this access. Instead, you can generate
   a local policy module to allow this access - see
   http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
   SELinux protection altogether. Disabling SELinux protection is not
   recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
   against this package.

Additional Information
Source Context                user_u:system_r:dovecot_deliver_t
Target Context                user_u:object_r:user_home_dir_t
Target Objects                temp.localhost.678.40caaf5592891c46 [ file ]
Affected RPM Packages         dovecot-1.0.7-16.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-63.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.catchall_file
Host Name                     localhost
Platform                      Linux localhost 2.6.23.8-34.fc7 #1 SMP Thu Nov 22 23:05:33 EST 2007 i686 athlon
Alert Count                   1
First Seen                    Tue 01 Jan 2008 09:29:35 PM EST
Last Seen                     Tue 01 Jan 2008 09:29:35 PM EST
Local ID                      507dd6a2-da46-4541-8c10-a0771bc85042
Line Numbers
Raw Audit Messages
avc: denied { link } for comm="deliver" dev=dm-0 egid=5000 euid=5000
exe="/usr/libexec/dovecot/deliver" exit=0 fsgid=5000 fsuid=5000 gid=5000 items=0
name="temp.localhost.678.40caaf5592891c46" pid=678
scontext=user_u:system_r:dovecot_deliver_t:s0 sgid=5000
subj=user_u:system_r:dovecot_deliver_t:s0 suid=5000 tclass=file
tcontext=user_u:object_r:user_home_dir_t:s0 tty=(none) uid=5000

and 5000 is user vmail.

When I look for these files that it is complaining about they are never in the filesystem. I get about 8 alerts with every email that is delivered. Right now I have SELinux set to permissive so that the mail gets delivered but I would like to find the cause of this problem so that I can set it back to enforcing.

????

Gerry
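Added example (my own code, not from Gerry's post, setroubleshoot or Dovecot): a small triage helper that parses raw AVC lines like the one above, collapses the repeated per-delivery denials into one line per (source domain, target type, object class), and checks whether the denied object's name follows the temp.<host>.<pid>.<id> shape seen in the alert with the same pid as the denied process, which is why the files are never on disk when you look and why restorecon on them cannot help. The second audit line is constructed for illustration; since a new file takes its label from the directory it is created in, the directory holding the maildir is where ls -dZ would be worth running.

```python
import re

# Constructed sample: the AVC line from the alert, rejoined onto one line,
# plus a second constructed denial for a different permission on the same file.
SAMPLE_AUDIT = """\
avc: denied { link } for comm="deliver" dev=dm-0 egid=5000 euid=5000 exe="/usr/libexec/dovecot/deliver" exit=0 fsgid=5000 fsuid=5000 gid=5000 items=0 name="temp.localhost.678.40caaf5592891c46" pid=678 scontext=user_u:system_r:dovecot_deliver_t:s0 sgid=5000 subj=user_u:system_r:dovecot_deliver_t:s0 suid=5000 tclass=file tcontext=user_u:object_r:user_home_dir_t:s0 tty=(none) uid=5000
avc: denied { unlink } for comm="deliver" dev=dm-0 egid=5000 euid=5000 exe="/usr/libexec/dovecot/deliver" exit=0 fsgid=5000 fsuid=5000 gid=5000 items=0 name="temp.localhost.678.40caaf5592891c46" pid=678 scontext=user_u:system_r:dovecot_deliver_t:s0 sgid=5000 subj=user_u:system_r:dovecot_deliver_t:s0 suid=5000 tclass=file tcontext=user_u:object_r:user_home_dir_t:s0 tty=(none) uid=5000
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value optionally quoted
# Shape of the temporary name in the alert: temp.<host>.<pid>.<hex id>
TEMP_NAME_RE = re.compile(r'^temp\.(?P<host>[^.]+)\.(?P<pid>\d+)\.(?P<id>[0-9a-f]+)$')

def parse_avc(line):
    """Return the denied permissions plus all key=value fields, or None if not an AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, val in FIELD_RE.findall(m.group('fields')):
        rec[key] = val.strip('"')
    return rec

def type_of(context):
    """user_u:object_r:user_home_dir_t:s0 -> user_home_dir_t (the type field)."""
    return context.split(':')[2]

def triage(line):
    """Reduce one denial to the facts a policy reviewer cares about."""
    rec = parse_avc(line)
    if rec is None:
        return None
    m = TEMP_NAME_RE.match(rec.get('name', ''))
    # A temp name carrying the denied process's own pid is a per-delivery scratch
    # file: it is gone by the time anyone runs restorecon on it.
    transient = bool(m) and m.group('pid') == rec.get('pid')
    return {'domain': type_of(rec['scontext']), 'target_type': type_of(rec['tcontext']),
            'tclass': rec['tclass'], 'perms': rec['perms'], 'uid': int(rec['uid']),
            'transient_temp_file': transient}

def summarize(audit_text):
    """Group many alerts into {(domain, target type, class): set of denied permissions}."""
    groups = {}
    for line in audit_text.splitlines():
        t = triage(line)
        if t is not None:
            groups.setdefault((t['domain'], t['target_type'], t['tclass']), set()).update(t['perms'])
    return groups

if __name__ == '__main__':
    for (dom, tgt, cls), perms in summarize(SAMPLE_AUDIT).items():
        print(f'{dom} -> {tgt} ({cls}): {" ".join(sorted(perms))}')
```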
