On 04/10/2014 02:10 AM, William Brown wrote:
Hi,

I run a dovecot instance that looks up users from ldap. Of course, this is done via SSL/TLS. As a result, I get a number of denials that dovecot can't read the slapd_cert type.

Would it be worth adding an optional policy to dovecot.te such as:

    optional_policy(`
        ldap_read_certs(dovecot_auth_t)
    ')

PS: What is optional_policy for? Is that just so that if that interface / type isn't available, it doesn't cause an error in the policy build?
Dan added these changes.

commit a330d66d2dfe23312f1911e3210fc63fa9e9d3ec
Author: Dan Walsh <dwalsh@xxxxxxxxxx>
Date:   Wed Apr 23 21:10:33 2014 -0400

    If you use ldap you should be able to read certs