On 30.06.2018 10:55, Reio Remma wrote:
On 29.06.2018 15:51, Timo Sirainen wrote:
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig

v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/

Has something been changed in the CentOS package, especially with SELinux? I just updated from 2.3.1 and now I'm having to add SELinux rules for Dovecot to be able to read files in /etc. I've an sqlite user database in /etc/mail and sieve scripts in /etc/dovecot/sieve, neither is accessible anymore without adding extra SELinux rules.

# This one is now needed to use the sqlite database in /etc/mail
#

module selinux-dovecot-etc 1.0;

require {
        type dovecot_auth_t;
        type etc_mail_t;
        class dir search;
        class file { getattr lock open read write };
}

#============= dovecot_auth_t ==============
allow dovecot_auth_t etc_mail_t:dir search;
allow dovecot_auth_t etc_mail_t:file { getattr lock open read write };


# This module is needed for Dovecot to be able to execute sieve scripts in /etc/dovecot/sieve
#

module selinux-dovecot-etc-execute 1.0;

require {
        type dovecot_etc_t;
        type dovecot_t;
        class file { execute execute_no_trans };
}

#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:file { execute execute_no_trans };


# This module is needed for my spamc scripts to access what it needs
#

module selinux-dovecot-sieve-execute 1.0;

require {
        type var_log_t;
        type dovecot_t;
        type spamc_exec_t;
        type tmpfs_t;
        class lnk_file read;
        class file { execute execute_no_trans getattr open read };
}

#============= dovecot_t ==============
allow dovecot_t spamc_exec_t:file { execute execute_no_trans getattr open read };
allow dovecot_t tmpfs_t:lnk_file read;
allow dovecot_t var_log_t:file open;


None of these modules were needed before the upgrade from 2.3.1 on my CentOS 7.5 system.

---
Good luck,
Reio
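
An added example, not part of the original message or of Dovecot's packaging: a small Python check that lists what a type-enforcement module like the ones above grants, reports anything a rule uses that is missing from its require block, and flags permissions worth a second look before loading. The watchlist, function names and sample string are assumptions of this example.

```python
import re

# Reviewer's watchlist (an assumption of this example, not an SELinux standard).
REVIEW = {
    "write": "source domain may modify files of the target type",
    "execute_no_trans": "target runs in the caller's domain, no transition",
}
ALLOW_RE = re.compile(r"\ballow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")
CLASS_RE = re.compile(r"\bclass\s+(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def perms(token):
    """'{ a b }' or 'a' -> {'a', 'b'}; tolerates rules wrapped across lines."""
    return set(token.strip("{}").split())

def audit(te_text):
    """Return (grants, undeclared, flagged) for one .te module source."""
    text = re.sub(r"#[^\n]*", "", te_text)  # comments and '#====' banners
    types = set(re.findall(r"\btype\s+(\w+)\s*;", text))
    classes = {}
    for cls, token in CLASS_RE.findall(text):
        classes.setdefault(cls, set()).update(perms(token))
    grants, undeclared, flagged = [], [], []
    for src, tgt, cls, token in ALLOW_RE.findall(text):
        p = perms(token)
        grants.append((src, tgt, cls, sorted(p)))
        # checkmodule expects everything a rule uses to be listed in require {}.
        undeclared += [t for t in (src, tgt) if t not in types]
        undeclared += [f"{cls}:{x}" for x in sorted(p - classes.get(cls, set()))]
        flagged += [(src, tgt, cls, x) for x in sorted(p & set(REVIEW))]
    return grants, undeclared, flagged

# Constructed input: the first module from the post, blank lines removed.
SAMPLE = """
module selinux-dovecot-etc 1.0;
require {
        type dovecot_auth_t;
        type etc_mail_t;
        class dir search;
        class file { getattr lock open read write };
}
#============= dovecot_auth_t ==============
allow dovecot_auth_t etc_mail_t:dir search;
allow dovecot_auth_t etc_mail_t:file { getattr lock open read write };
"""

if __name__ == "__main__":
    grants, undeclared, flagged = audit(SAMPLE)
    for src, tgt, cls, perm in flagged:
        print(f"review: {src} -> {tgt}:{cls} {perm} ({REVIEW[perm]})")
    print("undeclared:", undeclared or "none")
```

Flagged entries are prompts for review, not errors: each one is a permission to confirm the service really needs before the module is loaded.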
