From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Thu, 22 May 2014 19:55:42 +0200 Subject: [refpolicy] [PATCH 1/1] The /var/qmail root is generic in nature (and definitely not qmail_etc_t) Message-ID: <1400781342-12154-1-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The original qmail module explicitly marked /var/qmail directory as var_t as this location is nothing more than a generic root location. The actual qmail specifics are subdirectories in this location. Most domains that use qmail components do not expect this location to be qmail_etc_t. Signed-off-by: Sven Vermeulen --- policy/modules/kernel/files.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc index b876c48..c6c27c3 100644 --- a/policy/modules/kernel/files.fc +++ b/policy/modules/kernel/files.fc @@ -252,6 +252,8 @@ ifndef(`distro_redhat',` /var/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh) /var/lost\+found/.* <> +/var/qmail -d gen_context(system_u:object_r:var_t,s0) + /var/run -d gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh) /var/run -l gen_context(system_u:object_r:var_run_t,s0) /var/run/.* gen_context(system_u:object_r:var_run_t,s0) -- 1.8.5.5
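Review bot: The added `/var/qmail -d gen_context(system_u:object_r:var_t,s0)` entry has no comment explaining why a qmail-specific path is labeled in the kernel `files.fc`, and neither the hunk nor the commit message names the qmail file-context entry that currently produces `qmail_etc_t`. A one-line comment above the entry would help, for example noting that `/var/qmail` is only a generic root and that the qmail-specific types belong to its subdirectories. That would keep the line from being removed later as a stray and would make the intended override explicit. The `-d` qualifier matches the stated intent of relabeling only the directory itself. Since the `@@` header shows the `ifndef` on `distro_redhat` as context, please also confirm that the new line sits outside that conditional so the label applies on every distribution.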