The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SELinux Enforcing IMAP - magic script request

Discussion in 'Security' started by RayBornert, Apr 27, 2014.

  1. RayBornert

    RayBornert Member

    Apr 27, 2014
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hi All,

    I sincerely want to try and run my server with SELinux Enforcing mode. I recently had to reformat my box from scratch and since I am the only user of the box (for now), I am in a good position to experiment without fear of losing data and/or customers.

    I made sure that selinux was disabled during the cpanel install and things went as expected.

    I will now reduce a 2-3 day (LONG) story down to a (short) story.

    When I change to enforcing mode (by editing /etc/selinux/config) and then reboot, email stops working - specifically IMAP.

    I've searched the net for 2 days looking for a simple solution and have failed to find a nice concise answer. What I found was many "guesses", "maybes", "not-sures", "use-permissive-instead", etc. etc.

    I've always looked to the CPanel community for nice clean canonical/authoritative answers. If there is already an answer here on the forum that is NOT a 'guess-maybe-notsure-dontuseselinux' then please point me to that post.

    If there is no such post then might I suggest that this post become the first authoritative post where the final solution leads to a Cpanel magic script that is designed to do the post process fixup for ANY/ALL selinux issues that must get tweaked to allow EXIM and COURIER/DOVECOT to work as expected with selinux enforcing.

    I want a Cpanel engineer to install Centos/Cpanel on a clean box and then I want him to change selinux to enforcing and reboot and then I want him to gather 100% of the bash/pearl magic needed to make selinux and email play nice together. And then of course, that magical script needs to be published somewhere.

    I gladly volunteer to be the guinea pig for the magic script.

    Thank you in advance for a resolution here.

  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    The short answer is that SELinux is not compatible/supported with cPanel and we recommend disabling it. There is actually an internal case open (#94457) with our documentation team that is aimed to provide the technical reasons why SElinux is not compatible with cPanel. That being said, the best way to voice your support for SELinux compatibility is to open a feature request at:

    Submit A Feature Request

    Thank you.

Share This Page