On Sun, Mar 14, 2010 at 10:28:18AM +0100, Ruben Kerkhof wrote: > Hi all, > > I was wondering what would be the best place to store tls certificates > for postfix. > Right now, we store them in /var, which is denied by the policy. > > The policy allows postfix files_read_usr_files (for openssl, that's > what the comment above it says) but wouldn't it be better to store > them under /etc/pki? > Maybe there should be a postfix_cert_t or something? I am not very familiar with postfix and its policy but in my opinion certs should be in /etc/pki indeed. although you could probably also dump them into /etc/postfix > > Regards, > > Ruben > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
pgp7JEMSOTDsb.pgp
Description: PGP signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
