selinux, dovecot and sieve
Clash Royale CLAN TAG#URR8PPP
I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue
found 1 alerts in /var/log/audit/audit.log
----------------------------------------------------------------------------
SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that lmtp should be allowed write access on the sieve directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
# semodule -i mypol.pp
When I run
grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
I get
module dovecot 1.0;
require
type dovecot_etc_t;
type dovecot_t;
class dir write;
#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:dir write;
and then when I run
semodule -i mypol.pp
I get
libsepol.print_missing_requirements: dovecot's global requirements were not
met: type/attribute dovecot_etc_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?
centos selinux dovecot
add a comment |
I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue
found 1 alerts in /var/log/audit/audit.log
----------------------------------------------------------------------------
SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that lmtp should be allowed write access on the sieve directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
# semodule -i mypol.pp
When I run
grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
I get
module dovecot 1.0;
require
type dovecot_etc_t;
type dovecot_t;
class dir write;
#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:dir write;
and then when I run
semodule -i mypol.pp
I get
libsepol.print_missing_requirements: dovecot's global requirements were not
met: type/attribute dovecot_etc_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?
centos selinux dovecot
add a comment |
I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue
found 1 alerts in /var/log/audit/audit.log
----------------------------------------------------------------------------
SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that lmtp should be allowed write access on the sieve directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
# semodule -i mypol.pp
When I run
grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
I get
module dovecot 1.0;
require
type dovecot_etc_t;
type dovecot_t;
class dir write;
#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:dir write;
and then when I run
semodule -i mypol.pp
I get
libsepol.print_missing_requirements: dovecot's global requirements were not
met: type/attribute dovecot_etc_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?
centos selinux dovecot
I've just started learning to configure SELINUX and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following selinux issue
found 1 alerts in /var/log/audit/audit.log
----------------------------------------------------------------------------
SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that lmtp should be allowed write access on the sieve directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
# semodule -i mypol.pp
When I run
grep lmtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
I get
module dovecot 1.0;
require
type dovecot_etc_t;
type dovecot_t;
class dir write;
#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:dir write;
and then when I run
semodule -i mypol.pp
I get
libsepol.print_missing_requirements: dovecot's global requirements were not
met: type/attribute dovecot_etc_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?
centos selinux dovecot
centos selinux dovecot
edited Mar 26 '13 at 14:24
Christian
asked Mar 26 '13 at 9:04
ChristianChristian
7752813
7752813
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.
add a comment |
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f69184%2fselinux-dovecot-and-sieve%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.
add a comment |
Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.
add a comment |
Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.
Looks like dovecot policy is not loaded, load it in order to have the required module. If that does not help, make sure your kernel you are running is on par with the latest updated (e.g. reboot) and also update selinux-policy to the latest version and make sure it was loaded successfully.
answered Oct 15 '16 at 16:51
lzaplzap
9291711
9291711
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f69184%2fselinux-dovecot-and-sieve%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown