New in rc1 is a directory /var/lib/dovecot where the SSL parameters files are generated before they are copied to the login directory.
The following additions to policy support this:
:::::::::::::: dovecot.fc :::::::::::::: /var/lib/dovecot(/.*)? gen_context(system_u:object_r:dovecot_var_lib_t,s0) :::::::::::::: dovecot.te :::::::::::::: policy_module(dovecot, 0.1.4)
######################################## # # Declarations #
require { type dovecot_t; };
# /var/lib/dovecot holds SSL parameters file type dovecot_var_lib_t; files_type(dovecot_var_lib_t)
######################################## # # Local policy #
# Allow dovecot to read the routing table (in selinux-policy 2.2.43-4.fc5) #allow dovecot_t self:netlink_route_socket { r_netlink_socket_perms };
# Allow dovecot to create and read SSL parameters file files_search_var_lib(dovecot_t) allow dovecot_t dovecot_var_lib_t:dir { rw_dir_perms }; allow dovecot_t dovecot_var_lib_t:file { manage_file_perms };
Paul.
Paul Howarth wrote:
New in rc1 is a directory /var/lib/dovecot where the SSL parameters files are generated before they are copied to the login directory.
The following additions to policy support this:
:::::::::::::: dovecot.fc :::::::::::::: /var/lib/dovecot(/.*)? gen_context(system_u:object_r:dovecot_var_lib_t,s0) :::::::::::::: dovecot.te :::::::::::::: policy_module(dovecot, 0.1.4)
######################################## # # Declarations #
require { type dovecot_t; };
# /var/lib/dovecot holds SSL parameters file type dovecot_var_lib_t; files_type(dovecot_var_lib_t)
######################################## # # Local policy #
# Allow dovecot to read the routing table (in selinux-policy 2.2.43-4.fc5) #allow dovecot_t self:netlink_route_socket { r_netlink_socket_perms };
# Allow dovecot to create and read SSL parameters file files_search_var_lib(dovecot_t) allow dovecot_t dovecot_var_lib_t:dir { rw_dir_perms }; allow dovecot_t dovecot_var_lib_t:file { manage_file_perms };
Paul.
Added to selinux-policy-2.3.2-3
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org