View Issue Details

IDProjectCategoryView StatusLast Update
0001651Rocky-Linux-9selinux-policypublic2023-01-31 09:49
ReporterColin Simpson Assigned To 
Status newResolutionopen 
PlatformRockyOS9OS Version9.1
Summary0001651: Dovecot SELinux policy incomplete or unrequired
DescriptionIn Dovecot I don't want to hold users email folder in homedirectories, so I use a directory that is
specified in the Postfix SELinux policy /var/spool/dovecot/.

To be clear the config for this is:

mail_location = mbox:/var/spool/dovecot/%u/:INBOX=/var/mail/%u

This location doesn't exist by default, so unsure why it would be in the SELinux policy if not to
centrally store users folder (or maybe I'm missing it's intended purpose completely).

But specifying this sort of works except I need to amend the policy with:

allow dovecot_t dovecot_spool_t:file map;

So either:
1/ I miss the point of this location /var/spool/dovecot
2/ The SELinux policy needs amending for this location
3/ Or this location shouldn't be in the SELinux policy at all.

I realise my config is probably unfashionable for dovecot, but there should be a way to
achieve this with the SELinux policy.
Steps To ReproduceSet in dovecot:
mail_location = mbox:/var/spool/dovecot/%u/:INBOX=/var/mail/%u
See the partial failures in audit.log
TagsNo tags attached.


Issue History

Date Modified Username Field Change
2022-12-30 20:41 Colin Simpson New Issue
2023-01-31 09:49 Colin Simpson Note Added: 0002317