selinux, dovecot and sieve

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












5















I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue



found 1 alerts in /var/log/audit/audit.log
----------------------------------------------------------------------------

SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that lmtp should be allowed write access on the sieve directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
# semodule -i mypol.pp


When I run



grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp


I get



module dovecot 1.0;
require
type dovecot_etc_t;
type dovecot_t;
class dir write;

#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:dir write;


and then when I run



semodule -i mypol.pp


I get



libsepol.print_missing_requirements: dovecot's global requirements were not
met: type/attribute dovecot_etc_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!


This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?










share|improve this question




























    5















    I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue



    found 1 alerts in /var/log/audit/audit.log
    ----------------------------------------------------------------------------

    SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.

    ***** Plugin catchall (100. confidence) suggests ***************************

    If you believe that lmtp should be allowed write access on the sieve directory by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
    # semodule -i mypol.pp


    When I run



    grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp


    I get



    module dovecot 1.0;
    require
    type dovecot_etc_t;
    type dovecot_t;
    class dir write;

    #============= dovecot_t ==============
    allow dovecot_t dovecot_etc_t:dir write;


    and then when I run



    semodule -i mypol.pp


    I get



    libsepol.print_missing_requirements: dovecot's global requirements were not
    met: type/attribute dovecot_etc_t (No such file or directory).
    libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
    semodule: Failed!


    This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?










    share|improve this question


























      5












      5








      5








      I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue



      found 1 alerts in /var/log/audit/audit.log
      ----------------------------------------------------------------------------

      SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.

      ***** Plugin catchall (100. confidence) suggests ***************************

      If you believe that lmtp should be allowed write access on the sieve directory by default.
      Then you should report this as a bug.
      You can generate a local policy module to allow this access.
      Do
      allow this access for now by executing:
      # grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
      # semodule -i mypol.pp


      When I run



      grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp


      I get



      module dovecot 1.0;
      require
      type dovecot_etc_t;
      type dovecot_t;
      class dir write;

      #============= dovecot_t ==============
      allow dovecot_t dovecot_etc_t:dir write;


      and then when I run



      semodule -i mypol.pp


      I get



      libsepol.print_missing_requirements: dovecot's global requirements were not
      met: type/attribute dovecot_etc_t (No such file or directory).
      libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
      semodule: Failed!


      This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?










      share|improve this question
















      I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue



      found 1 alerts in /var/log/audit/audit.log
      ----------------------------------------------------------------------------

      SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.

      ***** Plugin catchall (100. confidence) suggests ***************************

      If you believe that lmtp should be allowed write access on the sieve directory by default.
      Then you should report this as a bug.
      You can generate a local policy module to allow this access.
      Do
      allow this access for now by executing:
      # grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
      # semodule -i mypol.pp


      When I run



      grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp


      I get



      module dovecot 1.0;
      require
      type dovecot_etc_t;
      type dovecot_t;
      class dir write;

      #============= dovecot_t ==============
      allow dovecot_t dovecot_etc_t:dir write;


      and then when I run



      semodule -i mypol.pp


      I get



      libsepol.print_missing_requirements: dovecot's global requirements were not
      met: type/attribute dovecot_etc_t (No such file or directory).
      libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
      semodule: Failed!


      This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?







      centos selinux dovecot






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Mar 26 '13 at 14:24







      Christian

















      asked Mar 26 '13 at 9:04









      ChristianChristian

      7752813




      7752813




















          1 Answer
          1






          active

          oldest

          votes


















          0














          Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f69184%2fselinux-dovecot-and-sieve%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.






            share|improve this answer



























              0














              Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.






              share|improve this answer

























                0












                0








                0







                Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.






                share|improve this answer













                Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Oct 15 '16 at 16:51









                lzaplzap

                9291711




                9291711



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f69184%2fselinux-dovecot-and-sieve%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?