SE Linux + Dovecot SASL + Postfix = help

Hill, Greg grhill at corp.untd.com
Tue Oct 24 13:09:53 MDT 2006


So, in order to get Postfix to use Dovecot SASL, you have to tell both
Postfix and Dovecot where the 'auth' socket will be.  From what I can
tell, Dovecot then creates the socket on load and Postfix just uses it
to Auth SMTP connections.  However, the default SE Linux on Fedora Core
5 is preventing Dovecot from creating the socket and listening on it. 

 

I tried to read the docs on SE Linux, but this being my first foray into
it, much of it was as clear as mud.  For now, I just disabled SE Linux
to get it to work, but I'd like to turn it back on if it's not too hard
to get working.  Is there an easy command to create a folder that
dovecot-auth will have access to create the socket?  Will Postfix need
some sort of access as well in order to send requests to that socket?  I
would imagine not, but this is all new territory for me.

 

The Redhat docs said to create a .te file from /var/log/messages (which
I did), then to compile it with some utility they provide, which failed
with an error message that made no sense to me (I don't recall what it
was, and I don't have access to the server at the moment to try again).
I then tried to create a folder and chcon it to allow dovecot_auth_t
access, and got 'permission denied' (as root, even).  It was at that
point I gave up and turned off SE Linux.

 

Greg




More information about the PLUG mailing list