I am having a very strange issue with Dovecot + SQLite + SELinux in enforcing. 
I am able to log in via IMAPS if SELinux is in permissive, but not able to do 
so when in enforcing. I do not see any SELinux denials even with dontaudits 
enabled. I am running CentOS 5 on x86_64 with a customized kernel build and 
the SELinux strict policy. The log dumps below are in the following order: 
1. My syslog output when SELinux is enforcing
2. My mail client's protocol log (using Sylpheed)
3. My syslog output when SELinux is permissive.

From the audit log, syscall 2 (from the message "type=SYSCALL ... syscall=2 
success=no") appears to be sys_open on x86_64; syscall 87 is sys_unlink.

Why is my mail client getting a SQL error message even though dovecot's auth 
log reported login success?

Is this an SQLite problem instead of a Dovecot one? FYI, I am using 
dovecot-2.2.10 (from ATrpms.net) and sqlite-3.3.6-7.

There appear to be several options related to the temporary store in SQLite's 
documentation; the solution may be to use memory (instead of files) for 
temporary tables...


dovecot: auth-worker(29695): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_mysql.so
dovecot: auth-worker(29695): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_pgsql.so
dovecot: auth-worker(29695): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
dovecot: auth-worker(29695): Debug: sql(mailadmin,10.0.77.80): query: SELECT 
password FROM users WHERE username = 'mailadmin'
dovecot: auth: Debug: client passdb out: OK     1       user=mailadmin
dovecot: auth: Debug: master in: REQUEST        3487432705      29692   1       
17d4d0374be5dec51ce20917470caed8        session_pid=29696       
request_auth_token
dovecot: auth-worker(29695): Debug: sql(mailadmin,10.0.77.80): SELECT username 
FROM users WHERE username = 'mailadmin' AND view_mail = 't' AND 'imap' = 'imap'
dovecot: auth: Debug: master userdb out: USER   3487432705      mailadmin       
uid=97  gid=12  home=/var/mail/mailadmin        
auth_token=e0d0ed3080574ab089f1a5302d43110ffa15ec42
dovecot: imap-login: Login: user=<mailadmin>, method=PLAIN, rip=10.0.77.80, 
lip=10.0.78.223, mpid=29696, TLS, session=<0C+M3A/9OwCsEQFQ>
audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144473.421:46298): 
arch=c000003e syscall=2 success=no exit=-13 a0=7fff97f77ce0 a1=c2 a2=1a4 a3=0 
items=1 ppid=29697 pid=29699 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 
egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" 
exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="access"
audispd: node=myhost.somewhere type=CWD msg=audit(1404144473.421:46298):  
cwd="/var/run/dovecot"
audispd: node=myhost.somewhere type=PATH msg=audit(1404144473.421:46298): 
item=0 name="./sqlite_ZPh8vGq4ia1CCsJ" inode=8192027 dev=fb:02 mode=040755 
ouid=0 ogid=97 rdev=00:00 obj=system_u:object_r:dovecot_var_run_t:s0
audispd: node=myhost.somewhere type=EOE msg=audit(1404144473.421:46298): 
audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144473.422:46299): 
arch=c000003e syscall=2 success=no exit=-13 a0=7fff97f77ce0 a1=c2 a2=1a4 a3=0 
items=1 ppid=29697 pid=29699 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 
egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" 
exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="access"
audispd: node=myhost.somewhere type=CWD msg=audit(1404144473.422:46299):  
cwd="/var/run/dovecot"
audispd: node=myhost.somewhere type=PATH msg=audit(1404144473.422:46299): 
item=0 name="./sqlite_9i9aIbK0rBuJWFS" inode=8192027 dev=fb:02 mode=040755 
ouid=0 ogid=97 rdev=00:00 obj=system_u:object_r:dovecot_var_run_t:s0
... REPEATED MANY TIMES ...
audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404145638.097:46407): 
arch=c000003e syscall=87 success=yes exit=0 a0=608872 a1=60aa50 a2=60e0d0 a3=0 
items=2 ppid=29774 pid=29776 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 
egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" 
exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete"
audispd: node=myhost.somewhere type=CWD msg=audit(1404145638.097:46407):  
cwd="/var/run/dovecot"
dovecot: imap(mailadmin): Debug: Effective uid=97, gid=12, 
home=/var/mail/mailadmin
dovecot: imap(mailadmin): Debug: Namespace inbox: type=private, prefix=, sep=, 
inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=mdbox:/var/mail/mailadmin
dovecot: imap(mailadmin): Debug: fs: root=/var/mail/mailadmin, index=, 
indexpvt=, control=, inbox=, alt=
audispd: node=myhost.somewhere type=PATH msg=audit(1404145638.097:46407): 
item=0 name="/var/lib/maildb/" inode=3735776 dev=fb:02 mode=040775 ouid=0 
ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
audispd: node=myhost.somewhere type=PATH msg=audit(1404145638.097:46407): 
item=1 name="/var/lib/maildb/users.db-journal" inode=3735779 dev=fb:02 
mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
audispd: node=myhost.somewhere type=EOE msg=audit(1404145638.097:46407): 




* creating IMAP4 connection to 10.0.78.223:993 ...
* SSL certificate of 10.0.78.223 previously accepted
[12:17:37] IMAP4< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS 
ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
[12:17:37] IMAP4> 1 CAPABILITY
[12:17:37] IMAP4< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID 
ENABLE IDLE AUTH=PLAIN
[12:17:37] IMAP4< 1 OK Pre-login capabilities listed, post-login capabilities 
have more.
[12:17:37] IMAP4> 2 AUTHENTICATE PLAIN
[12:17:37] IMAP4< + 
[12:17:37] IMAP4> ****************
[12:17:37] IMAP4< SQL error: unable to open database file
** LibSylph-WARNING: [12:17:37] IMAP4 authentication failed.




dovecot: auth-worker(29747): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_mysql.so
dovecot: auth-worker(29747): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_pgsql.so
dovecot: auth-worker(29747): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
dovecot: auth-worker(29747): Debug: sql(mailadmin,10.0.77.80): query: SELECT 
password FROM users WHERE username = 'mailadmin'
dovecot: auth: Debug: client passdb out: OK     1       user=mailadmin
dovecot: auth: Debug: master in: REQUEST        1811939329      29745   1       
8ec504decee63fdeb7c94b1193a70872        session_pid=29748       
request_auth_token
dovecot: auth-worker(29747): Debug: sql(mailadmin,10.0.77.80): SELECT username 
FROM users WHERE username = 'mailadmin' AND view_mail = 't' AND 'imap' = 'imap'
dovecot: auth: Debug: master userdb out: USER   1811939329      mailadmin       
uid=97  gid=12  home=/var/mail/mailadmin        
auth_token=2015ca3583c60fd9108a639c35c066d2613a2219
dovecot: imap-login: Login: user=<mailadmin>, method=PLAIN, rip=10.0.77.80, 
lip=10.0.78.223, mpid=29748, TLS, session=<BkhN7Q/9wACsEQFQ>
audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144754.513:46369): 
arch=c000003e syscall=87 success=yes exit=0 a0=7fffc59431a0 a1=0 
a2=7ffa4c972b40 a3=0 items=2 ppid=29749 pid=29751 auid=7033 uid=8 gid=12 euid=8 
suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" 
exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete"
audispd: node=myhost.somewhere type=CWD msg=audit(1404144754.513:46369):  
cwd="/var/run/dovecot"
audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46369): 
item=0 name="/var/tmp/" inode=2 dev=fb:01 mode=041777 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:tmp_t:s0
audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46369): 
item=1 name="/var/tmp/sqlite_vxCdWSgpDUDm7VV" inode=98307 dev=fb:01 
mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:tmp_t:s0
audispd: node=myhost.somewhere type=EOE msg=audit(1404144754.513:46369): 
audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144754.513:46370): 
arch=c000003e syscall=87 success=yes exit=0 a0=7fffc59431a0 a1=0 
a2=7ffa4c972b40 a3=0 items=2 ppid=29749 pid=29751 auid=7033 uid=8 gid=12 euid=8 
suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" 
exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete"
audispd: node=myhost.somewhere type=CWD msg=audit(1404144754.513:46370):  
cwd="/var/run/dovecot"
audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46370): 
item=0 name="/var/tmp/" inode=2 dev=fb:01 mode=041777 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:tmp_t:s0
audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46370): 
item=1 name="/var/tmp/sqlite_4h8lCyF8htbWvZb" inode=98310 dev=fb:01 
mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:tmp_t:s0
audispd: node=myhost.somewhere type=EOE msg=audit(1404144754.513:46370):
... REPEATED MANY TIMES ...
audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144754.533:46373): 
arch=c000003e syscall=87 success=yes exit=0 a0=608872 a1=60aa50 a2=60e0d0 a3=0 
items=2 ppid=29749 pid=29751 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 
egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" 
exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete"
audispd: node=myhost.somewhere type=CWD msg=audit(1404144754.533:46373):  
cwd="/var/run/dovecot"
audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.533:46373): 
item=0 name="/var/lib/maildb/" inode=3735776 dev=fb:02 mode=040775 ouid=0 
ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.533:46373): 
item=1 name="/var/lib/maildb/users.db-journal" inode=3735779 dev=fb:02 
mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
audispd: node=myhost.somewhere type=EOE msg=audit(1404144754.533:46373): 
dovecot: imap(mailadmin): Debug: Effective uid=97, gid=12, 
home=/var/mail/mailadmin
dovecot: imap(mailadmin): Debug: Namespace inbox: type=private, prefix=, sep=, 
inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=mdbox:/var/mail/mailadmin
dovecot: imap(mailadmin): Debug: fs: root=/var/mail/mailadmin, index=, 
indexpvt=, control=, inbox=, alt=

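As an added example (not part of the original post, and not Dovecot's or SQLite's code): a small Python correlator for the audispd output quoted above. It groups the SYSCALL, CWD and PATH records that share one audit serial into an event, reports every event whose syscall failed with the errno decoded and any relative name resolved against the recorded cwd, decodes the O_CREAT bit out of the open(2) flags in a1, and applies a plain Unix DAC check to the recorded owner and mode so that a refusal the kernel makes before SELinux is ever consulted (and which therefore produces no AVC) can be told apart from one that would. The sample records are constructed from the thread's own lines; audispd writes each record on a single line, so the wrapping seen in the post has to be undone before real logs are fed in. The syscall table covers only the two numbers the post identifies, and the DAC check ignores capabilities and ACLs.

```python
import errno
import posixpath
import re

# x86_64 (arch=c000003e) syscall numbers the thread identifies; extend for others.
SYSCALLS_X86_64 = {2: "open", 87: "unlink"}
O_CREAT_LINUX = 0x40  # open(2) flag value on Linux; the SYSCALL record's a1 holds the flags

_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
_SERIAL_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")


def parse_record(line):
    """One audispd record -> dict of its key=value fields (quotes stripped); None if not audit."""
    m = _SERIAL_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in _FIELD_RE.findall(line)}
    rec["_ts"], rec["_serial"] = m.group(1), int(m.group(2))
    return rec


def group_events(lines):
    """Merge the SYSCALL/CWD/PATH records that share one audit serial into one event."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events.setdefault(rec["_serial"], {"syscall": None, "cwd": None, "paths": []})
        kind = rec.get("type")
        if kind == "SYSCALL":
            ev["syscall"] = rec
        elif kind == "CWD":
            ev["cwd"] = rec.get("cwd")
        elif kind == "PATH":
            ev["paths"].append(rec)
    return events


def dac_denies_write(mode, ouid, ogid, uid, gid):
    """Classic Unix permission check for the write bit (no capabilities, no ACLs).
    True means DAC alone refuses the access, so no SELinux AVC is expected for it."""
    bits = int(mode, 8) & 0o777
    if uid == 0:
        return False
    if uid == ouid:
        return not bits & 0o200
    if gid == ogid:
        return not bits & 0o020
    return not bits & 0o002


def failed_syscalls(lines):
    """One finding per event whose SYSCALL record carries success=no."""
    findings = []
    for serial, ev in sorted(group_events(lines).items()):
        sc = ev["syscall"]
        if sc is None or sc.get("success") != "no":
            continue
        nr, rc = int(sc["syscall"]), int(sc["exit"])
        uid, gid = int(sc["uid"]), int(sc["gid"])
        name = SYSCALLS_X86_64.get(nr, "syscall_%d" % nr) if sc.get("arch") == "c000003e" else "syscall_%d" % nr
        cwd = ev["cwd"] or "/"
        paths = []
        for p in ev["paths"]:
            raw = p.get("name", "")
            full = raw if raw.startswith("/") else posixpath.normpath(posixpath.join(cwd, raw))
            paths.append({
                "path": full, "mode": p.get("mode"), "obj": p.get("obj"),
                "dac_denies_write": dac_denies_write(p["mode"], int(p["ouid"]), int(p["ogid"]), uid, gid),
            })
        findings.append({
            "serial": serial, "comm": sc.get("comm"), "exe": sc.get("exe"), "subj": sc.get("subj"),
            "uid": uid, "gid": gid, "syscall": name,
            "errno": errno.errorcode.get(-rc, str(rc)),
            "creates": name == "open" and bool(int(sc.get("a1", "0"), 16) & O_CREAT_LINUX),
            "paths": paths,
        })
    return findings


# Constructed sample: one failed open(2) in enforcing mode and one successful
# unlink(2) in permissive mode, rebuilt as single lines from the thread's output.
SAMPLE_AUDIT_LINES = [
    'audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144473.421:46298): '
    'arch=c000003e syscall=2 success=no exit=-13 a0=7fff97f77ce0 a1=c2 a2=1a4 a3=0 '
    'items=1 ppid=29697 pid=29699 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 '
    'egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" '
    'exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="access"',
    'audispd: node=myhost.somewhere type=CWD msg=audit(1404144473.421:46298):  cwd="/var/run/dovecot"',
    'audispd: node=myhost.somewhere type=PATH msg=audit(1404144473.421:46298): '
    'item=0 name="./sqlite_ZPh8vGq4ia1CCsJ" inode=8192027 dev=fb:02 mode=040755 '
    'ouid=0 ogid=97 rdev=00:00 obj=system_u:object_r:dovecot_var_run_t:s0',
    'audispd: node=myhost.somewhere type=EOE msg=audit(1404144473.421:46298): ',
    'audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144754.513:46369): '
    'arch=c000003e syscall=87 success=yes exit=0 a0=7fffc59431a0 a1=0 a2=7ffa4c972b40 a3=0 '
    'items=2 ppid=29749 pid=29751 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 '
    'egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" '
    'exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="delete"',
    'audispd: node=myhost.somewhere type=CWD msg=audit(1404144754.513:46369):  cwd="/var/run/dovecot"',
    'audispd: node=myhost.somewhere type=PATH msg=audit(1404144754.513:46369): '
    'item=1 name="/var/tmp/sqlite_vxCdWSgpDUDm7VV" inode=98307 dev=fb:01 '
    'mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:tmp_t:s0',
]

if __name__ == "__main__":
    for f in failed_syscalls(SAMPLE_AUDIT_LINES):
        print(f)
```

On the constructed sample the only finding is an open(2) with O_CREAT by uid 8, as dovecot_t, of sqlite_ZPh8vGq4ia1CCsJ resolved to /var/run/dovecot, where the recorded object is root-owned with mode 0755: DAC refuses that create by itself, which is consistent with an EACCES and no AVC. SQLite's unix VFS tries its list of system temp directories before falling back to the current directory, so the temp names appearing under the cwd rather than /var/tmp (as in the permissive log) is the thing to chase; `PRAGMA temp_store` is SQLite's documented way of keeping those tables in memory instead.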