From: paul@city-fan.org (Paul Howarth) Date: Tue, 14 Oct 2008 23:59:59 +0100 Subject: [refpolicy] services_dovecot.patch In-Reply-To: <48F50418.90103@redhat.com> References: <48F50418.90103@redhat.com> Message-ID: <20081014235959.07002666@metropolis.intra.city-fan.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 14 Oct 2008 16:42:00 -0400 Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_dovecot.patch > > initrc handling > > Fix labeling on files only /var/run/dovecot/login/ssl-parameters.dat > > > Add admin interface > > Add policy for deliver > Add domain to connect to dovecot_auth > > > dovecot uses /tmp > > auth reads usr files > > auth can communicate with mysql, posfix > > Uses nis authentication > > Usses gssapi Someone was whining on fedora-devel-list today that they'd configured dovecot to write logs to a directory /var/log/dovecot that they'd created but were blocked by SELinux. Cue standard anti-SELinux rantlet. There's currently no dovecot_log_t to enable this easily, so perhaps that could be added too? Paul.