Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-16850

Unable to connect to PostgreSQL using sockets

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-9.4
    • rhel-9.2.0
    • selinux-policy
    • selinux-policy-38.1.29-1.el9
    • None
    • None
    • rhel-sst-security-selinux
    • ssg_security
    • 20
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • None
    • Release Note Not Required
    • None

      What were you trying to do that didn't work?

      Configure Dovecot to use PostgreSQL for user lookup.

      Please provide the package NVR for which bug is seen:

      dovecot-pgsql-2.3.16-8.el9.x86_64

      How reproducible:

      On every lookup

      Steps to reproduce

      1.  configure dovecot to use sockets instant of tcp
      2.  try an sample lookup via  "doveadm user user@domain"

      Expected results

      The data of the lookup

      Actual results

      Only an error message that the lookup fails.

      The audit file will log this error:

      type=AVC msg=audit(1700326791.924:28417): avc:  denied  { write } for  pid=379029 comm="auth" name=".s.PGSQL.5432" dev="tmpfs" ino=21504 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
      type=SYSCALL msg=audit(1700326791.924:28417): arch=c000003e syscall=42 success=no exit=-13 a0=14 a1=5635d4b2bc20 a2=6e a3=7f06cf6a4c48 items=0 ppid=378824 pid=379029 auid=4294967295 uid=97 gid=97 euid=97 suid=97 fsuid=97 egid=97 sgid=97 fsgid=97 tty=(none) ses=4294967295 comm="auth" exe="/usr/libexec/dovecot/auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="dovecot" GID="dovecot" EUID="dovecot" SUID="dovecot" FSUID="dovecot" EGID="dovecot" SGID="dovecot" FSGID="dovecot"
      type=PROCTITLE msg=audit(1700326791.924:28417): proctitle="dovecot/auth"
      type=AVC msg=audit(1700326791.960:28418): avc:  denied  { write } for  pid=379030 comm="auth" name=".s.PGSQL.5432" dev="tmpfs" ino=21504 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
      type=SYSCALL msg=audit(1700326791.960:28418): arch=c000003e syscall=42 success=no exit=-13 a0=d a1=56244e950630 a2=6e a3=7fe995ddbc48 items=0 ppid=378824 pid=379030 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auth" exe="/usr/libexec/dovecot/auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
      type=PROCTITLE msg=audit(1700326791.960:28418): proctitle=646F7665636F742F61757468002D77
      type=AVC msg=audit(1700326791.967:28419): avc:  denied  { write } for  pid=379029 comm="auth" name=".s.PGSQL.5432" dev="tmpfs" ino=21504 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
      type=SYSCALL msg=audit(1700326791.967:28419): arch=c000003e syscall=42 success=no exit=-13 a0=16 a1=5635d4b38ae0 a2=6e a3=7f06cf6a4c48 items=0 ppid=378824 pid=379029 auid=4294967295 uid=97 gid=97 euid=97 suid=97 fsuid=97 egid=97 sgid=97 fsgid=97 tty=(none) ses=4294967295 comm="auth" exe="/usr/libexec/dovecot/auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="dovecot" GID="dovecot" EUID="dovecot" SUID="dovecot" FSUID="dovecot" EGID="dovecot" SGID="dovecot" FSGID="dovecot"
      type=PROCTITLE msg=audit(1700326791.967:28419): proctitle="dovecot/auth"
      

        1. dovecot-auth.te
          0.4 kB
          Frank Büttner

              rhn-support-zpytela Zdenek Pytela
              bugzilla_terrortux Frank Büttner
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: