With base-policy 20040906 and courier-imap-20040928

avc: denied { name_bind } for pid=1238
exe=/usr/lib/courier-imap/couriertcpd
scontext=system_u:system_r:courier_tcpd_t
tcontext=system_u:object_r:port_t tclass=tcp_socket

When starting the imapd server of courier-imap.
I think the reason for this is coming from courier-imap.te
lines 105-108

allow courier_tcpd_t imap_port_t:tcp_socket name_bind;
...imaps_port_t...
...pop_port_t...
...pops_port_t...

But these port types aren't defined in the policy.
In net_contexts there are some for pop, but they are inside an
ifdef('use_pop', and these are also not working for courier.

I've tested it for the normal imap port, it works when I add this line
to net_contexts:
portcon tcp 143 system_u:object_r:imap_port_t
it works fine.

I think the same goes for 993 for imaps, 110 for pop and 995 for pops.

Mark

--
gentoo-hardened@g.o mailing list
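
An added example, not part of the post above or of the Gentoo policy: a Python check that lists the port types a .te file allows name_bind on and reports which of them have no portcon entry, or only one guarded by an ifdef. The sample inputs are constructed from the lines quoted in the post; the function names and the simplified ifdef handling are assumptions.

```python
import re

# Constructed samples modelled on the lines quoted in the post,
# not copies of the real courier-imap.te or net_contexts files.
TE_SAMPLE = """\
allow courier_tcpd_t imap_port_t:tcp_socket name_bind;
allow courier_tcpd_t imaps_port_t:tcp_socket name_bind;
allow courier_tcpd_t pop_port_t:tcp_socket name_bind;
allow courier_tcpd_t pops_port_t:tcp_socket name_bind;
"""
NET_SAMPLE = """\
portcon tcp 143 system_u:object_r:imap_port_t
ifdef(`use_pop', `
portcon tcp 110 system_u:object_r:pop_port_t
')
"""

ALLOW_RE = re.compile(
    r"^\s*allow\s+\S+\s+(\w+):tcp_socket\s+"
    r"(?:\{[^}]*\bname_bind\b[^}]*\}|name_bind)\s*;", re.M)
PORTCON_RE = re.compile(r"^\s*portcon\s+(tcp|udp)\s+(\d+(?:-\d+)?)\s+\S+:\S+:(\w+)")
IFDEF_RE = re.compile(r"ifdef\(`(\w+)'")

def bind_types(te_text):
    """Port types that some domain may name_bind a tcp_socket to."""
    return {m.group(1) for m in ALLOW_RE.finditer(te_text)}

def portcon_types(net_text):
    """Map port type -> list of (proto, port, guarding macro or None)."""
    out, guard = {}, None
    for line in net_text.splitlines():
        m = IFDEF_RE.search(line)
        if m:
            guard = m.group(1)          # assumption: ifdef blocks are not nested
        elif line.strip().startswith("')"):
            guard = None                # assumption: block closes on its own line
        m = PORTCON_RE.match(line)
        if m:
            out.setdefault(m.group(3), []).append((m.group(1), m.group(2), guard))
    return out

def audit(te_text, net_text):
    """Return {port type: 'ok' | 'missing' | 'conditional:<macro>'}."""
    defined, report = portcon_types(net_text), {}
    for t in sorted(bind_types(te_text)):
        entries = defined.get(t, [])
        if not entries:
            report[t] = "missing"       # bind falls back to port_t and is denied
        elif all(g for _, _, g in entries):
            report[t] = "conditional:" + entries[0][2]
        else:
            report[t] = "ok"
    return report
```

A type reported as missing is one whose port stays labelled port_t, which is the tcontext in the denial quoted in the post.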