Hi Markus, On Sat, Jun 17, 2006 at 04:59:28PM +0200, Markus Wagner wrote: > Hi, > > I'm currently trying to switch my server to SELinux. > > I've successfully managed to get most of my services running, only > courier-imapd-ssl remaining. > > In permissive mode it is possible to connect to the imapd-server and do > usual stuff without any denied messages. > In enforcing mode the service starts without any problems, but when > trying to connect to the server the connection fails with message in the > client that number of max ips has been reached. > > There are no avc-messages reported. > In /var/log/mail.log i get this: > Jun 17 17:48:47 gentoo imapd-ssl: couriertls: connect: > error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback > failed > Jun 17 17:48:49 gentoo imapd-ssl: couriertls: connect: > error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback > failed > > There has to be a problem with the imapd-server initiating a > SSL-connection in enforcing mode but why?
I cannot replicate this on my server. have a look at http://bugs.gentoo.org/show_bug.cgi?id=125354 I did not understand what the actual fix was :/ first try to locate the actual problem: dmesg -c cd /etc/security/selinux/src/policy make enableaudit make load # replicate the problem audit2allow -d you might need to add something like allow courier_tcpd_t random_device_t:chr_file r_file_perms; or allow courier_imap_t random_device_t:chr_file r_file_perms; cheers, peter -- petre rodan <[EMAIL PROTECTED]> Developer, Hardened Gentoo Linux
pgpjHovVApe1a.pgp
Description: PGP signature
