Re: dovecot 2.0

Paul Howarth <paul@xxxxxxxxxxxx> · Fri, 2 Apr 2010 09:48:20 +0100

On Tue, 30 Mar 2010 14:23:19 +0100
Paul Howarth <paul@xxxxxxxxxxxx> wrote:

> dovecot 2.0 renames some files from 1.x and needs some additional
> policy:
> 
> File contexts:
> 
> /etc/dovecot(/.*)? gen_context(system_u:object_r:dovecot_etc_t,s0)
> 
> /usr/libexec/dovecot/auth -- 
> gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
> 
> /usr/libexec/dovecot/dovecot-lda -- 
> gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
> 
> Rules:
> 
> type dovecot_tmp_t;
> files_tmp_file(dovecot_tmp_t)
> manage_dirs_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
> manage_files_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
> files_tmp_filetrans(dovecot_t, dovecot_tmp_t, { file dir })
> allow dovecot_t self:capability kill;
> allow dovecot_t dovecot_auth_t:process signal;

Another rule needed when it regenerates SSL DH parameters:

allow dovecot_t self:process setsched;

Paul.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux