I am working with Centos7:

I have configured Dovecot to connect to mysqld via socket:

connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=Postfix_Database_Password

I test sending a message with

sendmail -i rgm@test.htt-consult.com < README

This fails with the following message in maillog

Feb 4 11:28:48 klovia dovecot: dict(13122): Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds before retry

If I setenforce to 0, the connection works. So it clearly is an SELinux problem. I worked on this almost 2 years ago on another system and found:

http://zszsit.blogspot.com/2012/12/dovecot-mysql-selinux-issue-on-centos6.html

But I was hoping that there were better tools now with Centos7. I checked for setsebool at:

https://linux.die.net/man/8/mysqld_selinux

and tried:

setsebool -P allow_user_mysql_connect 1

But the mail still does not go unless I setenforce to 0.

Hi,

this boolean allows a different permission - see the manual page:

>> If you want to allow users to connect to mysql, you must turn on the allow_user_mysql_connect boolean.

Is there some way to get SELinux to allow dovecot (and postfix) to connect to mysqld?

While dovecot is allowed to connect to postgresql port, there is no similar permission for mysql:

# sesearch -A -s dovecot_t -c tcp_socket -p name_connect | grep sql
allow dovecot_t postgresql_port_t:tcp_socket name_connect;

However, if this permission is the only one missing, you can simply add it with:

# echo '(allow dovecot_t mysqld_port_t (tcp_socket (name_connect)))' > dovecot-mysql.cil
# semodule -i dovecot-mysql.cil
# sesearch -A -s dovecot_t -c tcp_socket -p name_connect | grep sql
allow dovecot_t mysqld_port_t:tcp_socket name_connect;
allow dovecot_t postgresql_port_t:tcp_socket name_connect;
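
Added example, not part of the original thread: one way to check whether that permission is the only one missing is to read the AVC denials recorded for dovecot_t and print each as a CIL rule in the same form as the one above. The audit lines below are constructed samples, and the target types and permissions in them are assumptions; on a real system the input would come from `ausearch -m avc`.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from the original thread); the
# target types and permissions shown are assumptions for illustration.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1486225728.101:901): avc:  denied  { write } for  pid=13122 comm="dict" name="mysql.sock" dev="dm-0" ino=1234 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=sock_file
type=AVC msg=audit(1486225753.207:902): avc:  denied  { connectto } for  pid=13122 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1486225778.315:903): avc:  denied  { write } for  pid=13122 comm="dict" name="mysql.sock" dev="dm-0" ino=1234 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=sock_file
type=AVC msg=audit(1486225790.000:904): avc:  denied  { read } for  pid=2001 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

# Pull the permission set, source type, target type and object class
# out of one AVC denial record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)


def missing_rules(audit_text, source_type):
    """Return sorted CIL allow rules covering AVC denials from source_type."""
    grouped = defaultdict(set)
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("src") != source_type:
            continue  # not a denial, or a different domain
        # Repeated denials for the same target/class collapse into one rule.
        grouped[(m.group("tgt"), m.group("cls"))].update(m.group("perms").split())
    return [
        "(allow %s %s (%s (%s)))" % (source_type, tgt, cls, " ".join(sorted(perms)))
        for (tgt, cls), perms in sorted(grouped.items())
    ]


if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_AUDIT_LOG, "dovecot_t"):
        print(rule)
```

Review each printed rule before loading it with `semodule -i`, since every rule widens what the dovecot_t domain may do.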