This is an old issue, but I am building a new system and hit this
problem all over again.
This time, I asked for help from the SELinux list, as googling did not
find anything new. What resulted was a policy to allow dovecot to
connect to mysql.sock:

yum install policycoreutils
cat > dovecot_mysql.te << \EOF
policy_module(dovecot_mysql,1.0.0)
gen_require(`
type dovecot_t;
')
mysql_read_config(dovecot_t)
mysql_stream_connect(dovecot_t)
EOF
make -f /usr/share/selinux/devel/Makefile dovecot_mysql.pp
semodule -i dovecot_mysql.pp

If you are using a TCP connection over 127.0.0.1, then it is simpler:

echo '(allow dovecot_t mysqld_port_t (tcp_socket (name_connect)))' > dovecot-mysql.cil
semodule -i dovecot-mysql.cil

sesearch -A -s dovecot_t -c tcp_socket -p name_connect | grep sql
allow dovecot_t mysqld_port_t:tcp_socket name_connect;
allow dovecot_t postgresql_port_t:tcp_socket name_connect;

Enjoy!

On 4/7/17 11:12 AM, Robert Moskowitz wrote:
I reread my sql.conf.ext files and realized they were actually
connecting to localhost. So I did some googling, and found how to
connect to the socket:
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=Postfix_Database_Password
And all fixed. No more failures. Plus probably securer.

On 04/07/2017 10:57 AM, Robert Moskowitz wrote:
The strange thing is that dovecot auth has no problem connecting to
mysql, but the quota query is what is failing.

On 04/07/2017 10:43 AM, Robert Moskowitz wrote:
As I have noted in previous messages, I have been getting the following
on my new mailserver:
Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds before retry
They go away when I setenforce 0. It is not a timing issue as I
earlier thought.
So I googled dovecot mysql selinux and the only worthwhile hit was:
http://zszsit.blogspot.com/2012/12/dovecot-mysql-selinux-issue-on-centos6.html
that provides a /etc/selinux/dovecot2mysql.te and other selinux stuff.
Is there a simpler way like a setsebool option?
With all the howtos on dovecot with mysql, it is interesting that
none of them seem to have this problem. Maybe because they connect
to mysql through TCP port 3306 which has ITS set of problems (like
MariaDB defaults to not listening on TCP).
thanks!
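
Added example, not part of the original thread: a small filter that reads audit.log-style AVC denials for dovecot_t and reports whether the socket module (mysql_stream_connect) or the TCP name_connect rule from the reply above is the one that applies. The sample log lines are constructed, and the target types mysqld_var_run_t, mysqld_db_t and mysqld_t are assumed from the usual reference-policy labelling; confirm them with ls -Z on your own mysql.sock.

```sh
#!/bin/sh
# Added example: classify AVC denials whose source domain is dovecot_t.
# Output columns: <fix> <perms> <target type> <class>, one line per distinct denial.
#   fix = socket -> the mysql_stream_connect module from the thread
#   fix = tcp    -> the name_connect CIL rule from the thread
#   fix = other  -> not covered by either fix; read it before allowing anything
classify_dovecot_avc() {
    awk '
    /avc: +denied/ && /scontext=[^ ]*:dovecot_t:/ {
        perms = $0; sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
        gsub(/ +/, ",", perms)
        ttype = $0; sub(/.*tcontext=[^:]*:[^:]*:/, "", ttype); sub(/[: ].*/, "", ttype)
        tclass = $0; sub(/.*tclass=/, "", tclass); sub(/ .*/, "", tclass)
        fix = "other"
        if (tclass == "tcp_socket" && ttype == "mysqld_port_t" && perms ~ /name_connect/)
            fix = "tcp"
        else if (tclass == "sock_file" && ttype ~ /^mysqld_(var_run|db)_t$/)
            fix = "socket"
        else if (tclass == "unix_stream_socket" && ttype == "mysqld_t" && perms ~ /connectto/)
            fix = "socket"
        key = fix " " perms " " ttype " " tclass
        if (!seen[key]++) print key
    }'
}

# Constructed sample input (not real log data). The first line is repeated
# to show de-duplication; the httpd_t line must be ignored.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1491574647.101:201): avc:  denied  { write } for  pid=1234 comm="dict" name="mysql.sock" dev="dm-0" ino=4242 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1491574672.101:205): avc:  denied  { write } for  pid=1234 comm="dict" name="mysql.sock" dev="dm-0" ino=4242 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1491574647.102:202): avc:  denied  { connectto } for  pid=1234 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1491574650.103:203): avc:  denied  { name_connect } for  pid=1234 comm="dict" dest=3306 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1491574651.104:204): avc:  denied  { read } for  pid=99 comm="httpd" name="x" dev="dm-0" ino=7 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=file
EOF
}

sample_avc | classify_dovecot_avc
```

On a live system, feed it the real denials instead of the sample, for example: ausearch -m avc -ts recent | classify_dovecot_avc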