-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/29/2012 08:55 AM, Dominick Grift wrote:
On Tue, 2012-05-29 at 13:50 +0100, lejeczek wrote:
> hi everybody
>
> I wonder why dovecot when run with spool in users home's would need
> allow_ypbind=1 would you know?
What AVC denials are you seeying? Setroubleshoot and/or audit2why does not
make optimal suggestions.
> thanks!
>
> -- selinux mailing list selinux(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes setroubleshoot and audit2allow/audit2why is just looking for a boolean
that would allow the access. allow_ypbind is a very powerful boolean which
allows all apps that call getpw to listen on any port and to connect to any
port. Unless you are actually using NIS/YP in your environment you should
never turn on allow_ypbind.
Most likely dovecot is to connect or listen on an unexpected port. So you
could either add custom policy or modify the ports that dovecot
listens/connects too. Best to show us the AVC.s
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk/E1EUACgkQrlYvE4MpobNcCwCgzE8sZUOhFsmB1gooWrbVyksC
rsQAoJslvI6V9lhPzaBfmL22/XfEbEyJ
=0bYj
-----END PGP SIGNATURE-----