I've just started learning to configure SELinux and this morning on my CentOS 6.4 x64 system, with postfix/dovecot/mysql installed, I woke up to the following SELinux issue:

    found 1 alerts in /var/log/audit/audit.log
    ----------------------------------------------------------------------------

    SELinux is preventing /usr/libexec/dovecot/lmtp from write access on the directory sieve.

    ***** Plugin catchall (100. confidence) suggests ***************************

    If you believe that lmtp should be allowed write access on the sieve directory by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do allow this access for now by executing:
    # grep lmtp /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp
    # semodule -i mypol.pp

When I run

    grep lmtp /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

I get

    module dovecot 1.0;

    require {
        type dovecot_etc_t;
        type dovecot_t;
        class dir write;
    }

    #============= dovecot_t ==============
    allow dovecot_t dovecot_etc_t:dir write;

and then when I run

    semodule -i mypol.pp

I get

    libsepol.print_missing_requirements: dovecot's global requirements were not met: type/attribute dovecot_etc_t (No such file or directory).
    libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
    semodule: Failed!

This has worked for me in the past but it's stumped me this time :s. Can anyone push me in the right direction, please?