View Issue Details

IDProjectCategoryView StatusLast Update
0016145CentOS-7selinux-policypublic2019-06-25 22:47
Reporterfgbleiweiss 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016145: SELinux is preventing /usr/libexec/dovecot/auth from 'write' accesses on the file passwd.db.
DescriptionDescription of problem:
SELinux is preventing /usr/libexec/dovecot/auth from 'write' accesses on the file passwd.db.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that auth should be allowed write access on the passwd.db file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'auth' --raw | audit2allow -M my-auth
# semodule -i my-auth.pp

Additional Information:
Source Context system_u:system_r:dovecot_auth_t:s0
Target Context unconfined_u:object_r:postfix_spool_t:s0
Target Objects passwd.db [ file ]
Source auth
Source Path /usr/libexec/dovecot/auth
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.12.2.el7.x86_64 #1 SMP
                              Tue May 14 21:24:32 UTC 2019 x86_64 x86_64
Alert Count 24
First Seen 2019-06-03 22:59:15 CDT
Last Seen 2019-06-03 23:08:17 CDT
Local ID 98cb3e32-7f87-4b4c-bdaf-49ee3affe16e

Raw Audit Messages
type=AVC msg=audit(1559621297.370:496): avc: denied { write } for pid=19173 comm="auth" name="passwd.db" dev="dm-3" ino=10197 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=file permissive=0


Hash: auth,dovecot_auth_t,postfix_spool_t,file,write

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.12.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.12.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashdda494f0b1ff557ed518d68f349e6a6640d9c4b50cba52273190833b714e9a30
URL

Activities

fgbleiweiss

fgbleiweiss

2019-06-25 22:47

reporter   ~0034718

Another user experienced a similar problem:

Message auto generated. No user action involved.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.21.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.12.noarch
reason: SELinux is preventing auth from 'write' accesses on the file passwd.db.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2019-06-04 04:09 fgbleiweiss New Issue
2019-06-25 22:47 fgbleiweiss Note Added: 0034718