View Issue Details

ID: 0016145
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2019-11-26 14:22
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:

Summary: 0016145: SELinux is preventing /usr/libexec/dovecot/auth from 'write' accesses on the file passwd.db.

Description

Description of problem:
SELinux is preventing /usr/libexec/dovecot/auth from 'write' accesses on the file passwd.db.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that auth should be allowed write access on the passwd.db file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'auth' --raw | audit2allow -M my-auth
# semodule -i my-auth.pp

Additional Information:
Source Context system_u:system_r:dovecot_auth_t:s0
Target Context unconfined_u:object_r:postfix_spool_t:s0
Target Objects passwd.db [ file ]
Source auth
Source Path /usr/libexec/dovecot/auth
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.12.2.el7.x86_64 #1 SMP
                              Tue May 14 21:24:32 UTC 2019 x86_64 x86_64
Alert Count 24
First Seen 2019-06-03 22:59:15 CDT
Last Seen 2019-06-03 23:08:17 CDT
Local ID 98cb3e32-7f87-4b4c-bdaf-49ee3affe16e

Raw Audit Messages
type=AVC msg=audit(1559621297.370:496): avc: denied { write } for pid=19173 comm="auth" name="passwd.db" dev="dm-3" ino=10197 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=file permissive=0

Hash: auth,dovecot_auth_t,postfix_spool_t,file,write

Version-Release number of selected component:

Additional Information

reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-957.12.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.

2019-06-25 22:47

reporter   ~0034718

Another user experienced a similar problem:

Message auto generated. No user action involved.

reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-957.21.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.12.noarch
reason: SELinux is preventing auth from 'write' accesses on the file passwd.db.
reproducible: Not sure how to reproduce the problem
type: libreport


2019-11-26 14:22

reporter   ~0035761

It can be easily reproduced by attempting to change the mail account password through IMAP or using webmail like Horde or Roundcube to set the password.

Issue History

Date Modified Username Field Change
2019-06-04 04:09 fgbleiweiss New Issue
2019-06-25 22:47 fgbleiweiss Note Added: 0034718
2019-11-26 14:22 h228 Note Added: 0035761