Details
- Bug
- Resolution: Done-Errata
- Undefined
- rhel-9.2.0
- selinux-policy-38.1.29-1.el9
- sst_security_selinux
- ssg_security
- 20
- False
- No
- Red Hat Enterprise Linux
- Release Note Not Required
Description
What were you trying to do that didn't work?
Configure Dovecot to use PostgreSQL for user lookup.
Please provide the package NVR for which bug is seen:
dovecot-pgsql-2.3.16-8.el9.x86_64
How reproducible:
On every lookup
Steps to reproduce
- configure Dovecot to use sockets instead of TCP
- try a sample lookup via "doveadm user user@domain"
Expected results
The data of the lookup
Actual results
Only an error message that the lookup fails.
The audit file will log this error:
type=AVC msg=audit(1700326791.924:28417): avc: denied { write } for pid=379029 comm="auth" name=".s.PGSQL.5432" dev="tmpfs" ino=21504 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1700326791.924:28417): arch=c000003e syscall=42 success=no exit=-13 a0=14 a1=5635d4b2bc20 a2=6e a3=7f06cf6a4c48 items=0 ppid=378824 pid=379029 auid=4294967295 uid=97 gid=97 euid=97 suid=97 fsuid=97 egid=97 sgid=97 fsgid=97 tty=(none) ses=4294967295 comm="auth" exe="/usr/libexec/dovecot/auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="dovecot" GID="dovecot" EUID="dovecot" SUID="dovecot" FSUID="dovecot" EGID="dovecot" SGID="dovecot" FSGID="dovecot"
type=PROCTITLE msg=audit(1700326791.924:28417): proctitle="dovecot/auth"
type=AVC msg=audit(1700326791.960:28418): avc: denied { write } for pid=379030 comm="auth" name=".s.PGSQL.5432" dev="tmpfs" ino=21504 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1700326791.960:28418): arch=c000003e syscall=42 success=no exit=-13 a0=d a1=56244e950630 a2=6e a3=7fe995ddbc48 items=0 ppid=378824 pid=379030 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auth" exe="/usr/libexec/dovecot/auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1700326791.960:28418): proctitle=646F7665636F742F61757468002D77
type=AVC msg=audit(1700326791.967:28419): avc: denied { write } for pid=379029 comm="auth" name=".s.PGSQL.5432" dev="tmpfs" ino=21504 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1700326791.967:28419): arch=c000003e syscall=42 success=no exit=-13 a0=16 a1=5635d4b38ae0 a2=6e a3=7f06cf6a4c48 items=0 ppid=378824 pid=379029 auid=4294967295 uid=97 gid=97 euid=97 suid=97 fsuid=97 egid=97 sgid=97 fsgid=97 tty=(none) ses=4294967295 comm="auth" exe="/usr/libexec/dovecot/auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="dovecot" GID="dovecot" EUID="dovecot" SUID="dovecot" FSUID="dovecot" EGID="dovecot" SGID="dovecot" FSGID="dovecot"
type=PROCTITLE msg=audit(1700326791.967:28419): proctitle="dovecot/auth"
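Added example, not part of the original report or of Red Hat's tooling: Python code that joins the AVC, SYSCALL and PROCTITLE records from the log above by event serial, decodes the hex-encoded proctitle, and groups the denials under the access they correspond to. The sample records are trimmed from this report's log; the function names are hypothetical, and the audit2allow-style rule text only describes the denied access, it is not taken from the errata.

```python
import errno
import re
from collections import defaultdict
# Records trimmed from the audit log in this report (unused fields dropped).
SAMPLE = """\
type=AVC msg=audit(1700326791.924:28417): avc: denied { write } for pid=379029 comm="auth" name=".s.PGSQL.5432" scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1700326791.924:28417): arch=c000003e syscall=42 success=no exit=-13 uid=97 exe="/usr/libexec/dovecot/auth" key=(null)ARCH=x86_64 SYSCALL=connect UID="dovecot"
type=PROCTITLE msg=audit(1700326791.924:28417): proctitle="dovecot/auth"
type=AVC msg=audit(1700326791.960:28418): avc: denied { write } for pid=379030 comm="auth" name=".s.PGSQL.5432" scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1700326791.960:28418): arch=c000003e syscall=42 success=no exit=-13 uid=0 exe="/usr/libexec/dovecot/auth" key=(null)ARCH=x86_64 SYSCALL=connect UID="root"
type=PROCTITLE msg=audit(1700326791.960:28418): proctitle=646F7665636F742F61757468002D77
"""

RECORD = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)')
AVC = re.compile(r'denied\s+\{ ([^}]+)\}.*scontext=(\S+) tcontext=(\S+) tclass=(\S+)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_proctitle(value):
    """auditd hex-encodes proctitle when argv contains NUL separators."""
    if value.startswith('"'):
        return value.strip('"')
    return bytes.fromhex(value).replace(b'\0', b' ').decode(errors='replace')

def parse_events(text):
    """Join AVC, SYSCALL and PROCTITLE records that share an event serial."""
    events = defaultdict(dict)
    for rtype, serial, body in RECORD.findall(text):
        ev, kv = events[int(serial)], dict(FIELD.findall(body))
        if rtype == 'AVC' and (m := AVC.search(body)):
            src, tgt = (c.split(':')[2] for c in m.group(2, 3))  # user:role:type:level
            ev.update(perms=m.group(1).split(), source=src, target=tgt, tclass=m.group(4))
        elif rtype == 'SYSCALL':
            ev.update(syscall=kv.get('SYSCALL'), user=kv.get('UID', '').strip('"'),
                      error=errno.errorcode.get(-int(kv['exit'])))
        elif rtype == 'PROCTITLE':
            ev['proctitle'] = decode_proctitle(kv['proctitle'])
    return dict(events)

def summarize(text):
    """Group denied events under the access they would need, audit2allow-style."""
    rules = defaultdict(list)
    for serial, ev in sorted(parse_events(text).items()):
        if 'perms' in ev:
            rule = f"allow {ev['source']} {ev['target']}:{ev['tclass']} {{ {' '.join(ev['perms'])} }};"
            rules[rule].append((serial, ev.get('syscall'), ev.get('error'), ev.get('user'), ev.get('proctitle')))
    return dict(rules)

if __name__ == '__main__':
    print(summarize(SAMPLE))
```

Both sample events collapse to one denied access: `dovecot_auth_t` writing to a `postgresql_var_run_t` socket file during `connect`, failing with `EACCES` for the `dovecot` and `root` auth processes alike.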
Issue Links
- links to RHBA-2023:121166 selinux-policy bug fix and enhancement update