The current inetd policy does not allow xinetd to bind to pop_port_t. This is needed if you run a pop or imap server out of xinetd. Nov 19 19:16:22 siren xinetd[3434]: bind failed (Permission denied (errno = 13)). service = imaps Nov 19 19:16:22 siren xinetd[3434]: Service imaps failed to start and is deactivated. Nov 19 19:16:22 siren xinetd[3434]: xinetd Version 2.3.14 started with loadavg options compiled in. Nov 19 19:16:22 siren kernel: type=1400 audit(1321755382.057:233): avc: denied { name_bind } for pid=3434 comm="xinetd" src=993 scontext=system_u:system_r:inetd_t tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
Created attachment 293777 [details, diff] Patch to allow binding to pop_port_t
Thanks
Should be in hardened-dev overlay.
In portage tree, ~arch
Stabilized