Hi Markus,

On Sat, Jun 17, 2006 at 04:59:28PM +0200, Markus Wagner wrote:
> Hi,
> 
> I'm currently trying to switch my server to SELinux.
> 
> I've successfully managed to get most of my services running, only
> courier-imapd-ssl remaining.
> 
> In permissive mode it is possible to connect to the imapd-server and do
> usual stuff without any denied messages.
> In enforcing mode the service starts without any problems, but when
> trying to connect to the server the connection fails with message in the
> client that number of max ips has been reached.
> 
> There are no avc-messages reported.
> In /var/log/mail.log i get this:
> Jun 17 17:48:47 gentoo imapd-ssl: couriertls: connect:
> error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback
> failed
> Jun 17 17:48:49 gentoo imapd-ssl: couriertls: connect:
> error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback
> failed
> 
> There has to be a problem with the imapd-server initiating a
> SSL-connection in enforcing mode but why?

I cannot replicate this on my server. have a look at 
http://bugs.gentoo.org/show_bug.cgi?id=125354
I did not understand what the actual fix was :/

first try to locate the actual problem:

dmesg -c
cd /etc/security/selinux/src/policy
make enableaudit
make load
# replicate the problem
audit2allow -d

you might need to add something like

allow courier_tcpd_t random_device_t:chr_file r_file_perms;
or
allow courier_imap_t random_device_t:chr_file r_file_perms;

cheers,
peter

-- 
petre rodan
<[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux 

Attachment: pgpjHovVApe1a.pgp
Description: PGP signature

Reply via email to