From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 30 Jun 2009 15:29:05 -0400
Subject: [refpolicy] services_dovecot.patch
In-Reply-To: <4A2DAD4C.2060308@redhat.com>
References: <4A2DAD4C.2060308@redhat.com>
Message-ID: <1246390147.2276.213.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2009-06-08 at 20:31 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_dovecot.patch
> 
> Add context for dovecot init script
> 
> policy to cover dovecot/deliver executable
> 
> Dovecot uses kerberos templates.
> 
> Dovecot_auth neesds chown and dac_override
> 
> dovecot auth creates /tmp files
> 
> Uses var_run and connects to the auth_stream
> 
> Sends audit and syslog messages

Merged.  Now that there is a deliver domain, can the userdom_* calls be
removed from the main dovecot_t ddomain?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150