On Tue, 30 Mar 2010 14:23:19 +0100 Paul Howarth <paul@xxxxxxxxxxxx> wrote: > dovecot 2.0 renames some files from 1.x and needs some additional > policy: > > File contexts: > > /etc/dovecot(/.*)? gen_context(system_u:object_r:dovecot_etc_t,s0) > > /usr/libexec/dovecot/auth -- > gen_context(system_u:object_r:dovecot_auth_exec_t,s0) > > /usr/libexec/dovecot/dovecot-lda -- > gen_context(system_u:object_r:dovecot_deliver_exec_t,s0) > > Rules: > > type dovecot_tmp_t; > files_tmp_file(dovecot_tmp_t) > manage_dirs_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t) > manage_files_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t) > files_tmp_filetrans(dovecot_t, dovecot_tmp_t, { file dir }) > allow dovecot_t self:capability kill; > allow dovecot_t dovecot_auth_t:process signal; Another rule needed when it regenerates SSL DH parameters: allow dovecot_t self:process setsched; Paul. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux