Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-29 Thread Robert Moskowitz
On 04/28/2017 06:36 PM, Gordon Messmer wrote: On 04/28/2017 12:06 AM, Robert Moskowitz wrote: Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-29 Thread Robert Moskowitz
On 04/28/2017 08:07 PM, m...@tdiehl.org wrote: On Fri, 28 Apr 2017, Gordon Messmer wrote: On 04/28/2017 12:06 AM, Robert Moskowitz wrote: Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup"

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-28 Thread me
On Fri, 28 Apr 2017, Gordon Messmer wrote: On 04/28/2017 12:06 AM, Robert Moskowitz wrote: Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-28 Thread Gordon Messmer
On 04/28/2017 12:06 AM, Robert Moskowitz wrote: Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-28 Thread Robert Moskowitz
Gordon, Thank you for your help on this. Still not working... On 04/26/2017 06:27 PM, Gordon Messmer wrote: On 04/26/2017 12:29 AM, Robert Moskowitz wrote: But the policy generates errors. I will have to submit a bug report, it seems A bug report would probably be helpful. I'm looking

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Robert Moskowitz
Thanks for the advice. Will see what I can get done this evening. On 04/26/2017 06:27 PM, Gordon Messmer wrote: On 04/26/2017 12:29 AM, Robert Moskowitz wrote: But the policy generates errors. I will have to submit a bug report, it seems A bug report would probably be helpful. I'm

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Gordon Messmer
On 04/26/2017 12:29 AM, Robert Moskowitz wrote: But the policy generates errors. I will have to submit a bug report, it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Robert Moskowitz
thanks. On 04/26/2017 08:55 AM, Phoenix, Merka wrote: Robert, in regards to your Postfix and Dovecot issue with MySQL and SELinux, Apr 26 01:25:45 z9m9z dovecot: dict: Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): Can't connect to local MySQL server through

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Phoenix, Merka
Robert, in regards to your Postfix and Dovecot issue with MySQL and SELinux, > Apr 26 01:25:45 z9m9z dovecot: dict: Error: > mysql(/var/lib/mysql/mysql.sock): Connect failed to database > (postfix): Can't connect to local MySQL server through socket > '/var/lib/mysql/mysql.sock' (13) -

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Robert Moskowitz
On 04/26/2017 08:21 AM, Rob Kampen wrote: On 26/04/17 17:29, Robert Moskowitz wrote: On 04/26/2017 04:22 AM, Gordon Messmer wrote: On 04/25/2017 03:25 PM, Robert Moskowitz wrote: This made the same content as before that caused problems: I still don't understand, exactly. Are you

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Robert Moskowitz
On 04/26/2017 08:04 AM, Gordon Messmer wrote: On 04/25/2017 10:29 PM, Robert Moskowitz wrote: did not work. it was set off, so I turned it on and tried it out. Got the same errors: Apr 26 01:25:45 z9m9z dovecot: dict: Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Rob Kampen
On 26/04/17 17:29, Robert Moskowitz wrote: On 04/26/2017 04:22 AM, Gordon Messmer wrote: On 04/25/2017 03:25 PM, Robert Moskowitz wrote: This made the same content as before that caused problems: I still don't understand, exactly. Are you seeing *new* problems after installing a policy?

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-26 Thread Gordon Messmer
On 04/25/2017 10:29 PM, Robert Moskowitz wrote: did not work. it was set off, so I turned it on and tried it out. Got the same errors: Apr 26 01:25:45 z9m9z dovecot: dict: Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): Can't connect to local MySQL server

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/26/2017 07:29 AM, Robert Moskowitz wrote: On 04/26/2017 04:22 AM, Gordon Messmer wrote: On 04/25/2017 03:25 PM, Robert Moskowitz wrote: This made the same content as before that caused problems: I still don't understand, exactly. Are you seeing *new* problems after installing a

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/26/2017 04:22 AM, Gordon Messmer wrote: On 04/25/2017 03:25 PM, Robert Moskowitz wrote: This made the same content as before that caused problems: I still don't understand, exactly. Are you seeing *new* problems after installing a policy? What are the problems? # The file

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Gordon Messmer
On 04/25/2017 03:25 PM, Robert Moskowitz wrote: This made the same content as before that caused problems: I still don't understand, exactly. Are you seeing *new* problems after installing a policy? What are the problems? # The file '/var/lib/mysql/mysql.sock' is mislabeled on your

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 06:45 PM, Gordon Messmer wrote: On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: Quick’n’(really) dirty SELinux howto: Alternate process: 1: setenforce permissive 2: tail -f /var/log/audit/audit.log | grep AVC 3: use the service, exercise each function that's constrained by

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 09:34 PM, Gordon Messmer wrote: On 04/25/2017 12:05 PM, Robert Moskowitz wrote: How do I undo the damage the last attempt caused? I'm not sure what damage you mean. If you installed a custom selinux module already and want to remove it, look at the files in

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 09:34 PM, Gordon Messmer wrote: On 04/25/2017 12:05 PM, Robert Moskowitz wrote: How do I undo the damage the last attempt caused? I'm not sure what damage you mean. If you installed a custom selinux module already and want to remove it, look at the files in

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Gordon Messmer
On 04/25/2017 12:05 PM, Robert Moskowitz wrote: How do I undo the damage the last attempt caused? I'm not sure what damage you mean. If you installed a custom selinux module already and want to remove it, look at the files in /etc/selinux/targeted/modules/active/modules/. Those are the

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 06:45 PM, Gordon Messmer wrote: On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: Quick’n’(really) dirty SELinux howto: Alternate process: 1: setenforce permissive 2: tail -f /var/log/audit/audit.log | grep AVC 3: use the service, exercise each function that's constrained by

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Gordon Messmer
On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: Quick’n’(really) dirty SELinux howto: Alternate process: 1: setenforce permissive 2: tail -f /var/log/audit/audit.log | grep AVC 3: use the service, exercise each function that's constrained by the existing policy 4: copy and paste the

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 11:41 AM, Laurent Wandrebeck wrote: On Tuesday 25 April 2017 at 11:36 +0200, Robert Moskowitz wrote: On 04/25/2017 11:29 AM, Laurent Wandrebeck wrote: On Tuesday 25 April 2017 at 11:19 +0200, Robert Moskowitz wrote: /usr/lib/ld-2.17.so This file is not part of CentOS 7, nor

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Laurent Wandrebeck
On Tuesday 25 April 2017 at 11:36 +0200, Robert Moskowitz wrote: > > On 04/25/2017 11:29 AM, Laurent Wandrebeck wrote: > > On Tuesday 25 April 2017 at 11:19 +0200, Robert Moskowitz wrote: > >> /usr/lib/ld-2.17.so > > This file is not part of CentOS 7, nor CentOS 6 ? > > I am running Centos 7

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 11:29 AM, Laurent Wandrebeck wrote: On Tuesday 25 April 2017 at 11:19 +0200, Robert Moskowitz wrote: /usr/lib/ld-2.17.so This file is not part of CentOS 7, nor CentOS 6 ? I am running Centos 7 armv7hl So it IS possible that I am missing something that did not get built

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Laurent Wandrebeck
On Tuesday 25 April 2017 at 11:19 +0200, Robert Moskowitz wrote: > /usr/lib/ld-2.17.so This file is not part of CentOS 7, nor CentOS 6 ? -- Laurent Wandrebeck

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote: On Tuesday 25 April 2017 at 11:07 +0200, Robert Moskowitz wrote: On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote: Thanks Laurent. You obviously know a LOT more about SELinux

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Laurent Wandrebeck
On Tuesday 25 April 2017 at 11:07 +0200, Robert Moskowitz wrote: > > On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: > > On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote: > >> Thanks Laurent. You obviously know a LOT more about SELinux than I. I > >> pretty much just use

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote: Thanks Laurent. You obviously know a LOT more about SELinux than I. I pretty much just use commands and not build policies. So I need some more information here. From what

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Laurent Wandrebeck
On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote: > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
Thanks Laurent. You obviously know a LOT more about SELinux than I. I pretty much just use commands and not build policies. So I need some more information here. From what you provided below, how do I determine what is currently in place and how do I add your stuff (changing postgresql

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Laurent Wandrebeck
On Tuesday 25 April 2017 at 10:04 +0200, Robert Moskowitz wrote: > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with >

[CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

2017-04-25 Thread Robert Moskowitz
I thought I had this fixed, but I do not. I was away from this problem working on other matters, and came back (after a reboot) and it is still there, so I suspect when I thought I had it 'fixed' I was running with setenforce 0 from another problem (that is fixed). So anyone know how to get