Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1516521 - SELinux denies dovecot 'map' access to dovecot.index and dovecot.index.log files of type mail_home_rw_t, prevents it working
Summary: SELinux denies dovecot 'map' access to dovecot.index and dovecot.index.log fi...
Status: CLOSED DUPLICATE of bug 1513153
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 27
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2017-11-22 20:00 UTC by Adam Williamson
Modified: 2017-11-22 20:18 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-11-22 20:18:57 UTC

Attachments (Terms of Use)

Description Adam Williamson 2017-11-22 20:00:32 UTC
After upgrading my mail server to Fedora 27, dovecot (IMAP server) does not work properly - it runs, but clients can't refresh folders reliably. This seems to be caused by SELinux denials like this:

Nov 22 11:40:18 audit[838]: AVC avc:  denied  { map } for  pid=838 comm="imap" path="/home/adamw/Maildir/dovecot.index" dev="vda3" ino=942391 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=0

There are many denials for 'dovecot.index' files in various subdirectories (which represent mail folders, in maildir-style mail storage).

There are also similar denials for dovecot.index.log files, e.g.:

Nov 22 11:40:21 audit[838]: AVC avc:  denied  { map } for  pid=838 comm="imap" path="/home/adamw/Maildir/.Blog/dovecot.index" dev="vda3" ino=936911 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=file permissive=0

Comment 1 Adam Williamson 2017-11-22 20:18:57 UTC

*** This bug has been marked as a duplicate of bug 1513153 ***

Note You need to log in before you can comment on or make changes to this bug.