From: paul@city-fan.org (Paul Howarth)
Date: Tue, 14 Oct 2008 23:59:59 +0100
Subject: [refpolicy] services_dovecot.patch
In-Reply-To: <48F50418.90103@redhat.com>
References: <48F50418.90103@redhat.com>
Message-ID: <20081014235959.07002666@metropolis.intra.city-fan.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 14 Oct 2008 16:42:00 -0400
Daniel J Walsh <dwalsh@redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_dovecot.patch
> 
> initrc handling
> 
> Fix labeling on files only /var/run/dovecot/login/ssl-parameters.dat
> 
> 
> Add admin interface
> 
> Add policy for deliver
> Add domain to connect to dovecot_auth
> 
> 
> dovecot uses /tmp
> 
> auth reads usr files
> 
> auth can communicate with mysql, posfix
> 
> Uses nis authentication
> 
> Usses gssapi

Someone was whining on fedora-devel-list today that they'd configured
dovecot to write logs to a directory /var/log/dovecot that they'd
created but were blocked by SELinux. Cue standard anti-SELinux rantlet.
There's currently no dovecot_log_t to enable this easily, so perhaps
that could be added too?

Paul.