FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 05-29-2012, 01:51 PM
Daniel J Walsh
 
Default dovecot and allow_ypbind

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/29/2012 08:55 AM, Dominick Grift wrote:
> On Tue, 2012-05-29 at 13:50 +0100, lejeczek wrote:
>> hi everybody
>>
>> I wonder why dovecot when run with spool in users home's would need
>> allow_ypbind=1 would you know?
>
> What AVC denials are you seeying? Setroubleshoot and/or audit2why does not
> make optimal suggestions.
>
>> thanks!
>>
>> -- selinux mailing list selinux@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


Yes setroubleshoot and audit2allow/audit2why is just looking for a boolean
that would allow the access. allow_ypbind is a very powerful boolean which
allows all apps that call getpw to listen on any port and to connect to any
port. Unless you are actually using NIS/YP in your environment you should
never turn on allow_ypbind.


Most likely dovecot is to connect or listen on an unexpected port. So you
could either add custom policy or modify the ports that dovecot
listens/connects too. Best to show us the AVC.s
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/E1EUACgkQrlYvE4MpobNcCwCgzE8sZUOhFsmB1gooWrbVyksC
rsQAoJslvI6V9lhPzaBfmL22/XfEbEyJ
=0bYj
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 12:57 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org