New in rc1 is a directory /var/lib/dovecot where the SSL parameters
files are generated before they are copied to the login directory.
The following additions to policy support this:
::::::::::::::
dovecot.fc
::::::::::::::
/var/lib/dovecot(/.*)?
gen_context(system_u:object_r:dovecot_var_lib_t,s0)
::::::::::::::
dovecot.te
::::::::::::::
policy_module(dovecot, 0.1.4)
########################################
#
# Declarations
#
require {
type dovecot_t;
};
# /var/lib/dovecot holds SSL parameters file
type dovecot_var_lib_t;
files_type(dovecot_var_lib_t)
########################################
#
# Local policy
#
# Allow dovecot to read the routing table (in selinux-policy 2.2.43-4.fc5)
#allow dovecot_t self:netlink_route_socket { r_netlink_socket_perms };
# Allow dovecot to create and read SSL parameters file
files_search_var_lib(dovecot_t)
allow dovecot_t dovecot_var_lib_t:dir { rw_dir_perms };
allow dovecot_t dovecot_var_lib_t:file { manage_file_perms };
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list