On 05/29/2012 08:55 AM, Dominick Grift wrote:
> On Tue, 2012-05-29 at 13:50 +0100, lejeczek wrote:
>> hi everybody
>> I wonder why dovecot when run with spool in users home's would need
>> allow_ypbind=1 would you know?
> What AVC denials are you seeying? Setroubleshoot and/or audit2why does not
> make optimal suggestions.
>> -- selinux mailing list email@example.com
> -- selinux mailing list firstname.lastname@example.org
Yes setroubleshoot and audit2allow/audit2why is just looking for a boolean
that would allow the access. allow_ypbind is a very powerful boolean which
allows all apps that call getpw to listen on any port and to connect to any
port. Unless you are actually using NIS/YP in your environment you should
never turn on allow_ypbind.
Most likely dovecot is to connect or listen on an unexpected port. So you
could either add custom policy or modify the ports that dovecot
listens/connects too. Best to show us the AVC.s
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/