Re: dovecot 1.0.rc1

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Thu, 13 Jul 2006 11:34:31 -0400

Paul Howarth wrote:
New in rc1 is a directory /var/lib/dovecot where the SSL parameters 
files are generated before they are copied to the login directory.

The following additions to policy support this:

::::::::::::::
dovecot.fc
::::::::::::::
/var/lib/dovecot(/.*)? 
gen_context(system_u:object_r:dovecot_var_lib_t,s0)
::::::::::::::
dovecot.te
::::::::::::::
policy_module(dovecot, 0.1.4)

########################################
#
# Declarations
#

require {
        type dovecot_t;
};

# /var/lib/dovecot holds SSL parameters file
type dovecot_var_lib_t;
files_type(dovecot_var_lib_t)

########################################
#
# Local policy
#

# Allow dovecot to read the routing table (in selinux-policy 
2.2.43-4.fc5)
#allow dovecot_t self:netlink_route_socket { r_netlink_socket_perms };

# Allow dovecot to create and read SSL parameters file
files_search_var_lib(dovecot_t)
allow dovecot_t dovecot_var_lib_t:dir { rw_dir_perms };
allow dovecot_t dovecot_var_lib_t:file { manage_file_perms };

Paul.
Added to selinux-policy-2.3.2-3

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list