From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 28 May 2014 17:37:03 +0200 Subject: [refpolicy] [PATCH 1/1] The /var/qmail root is generic in nature (and definitely not qmail_etc_t) Message-ID: <1401291423-23984-1-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The original qmail module explicitly marked /var/qmail directory as var_t as this location is nothing more than a generic root location. The actual qmail specifics are subdirectories in this location. Most domains that use qmail components do not expect this location to be qmail_etc_t. Changes since v1 - Update qmail.fc instead of marking /var/qmail in kernel/files.fc Signed-off-by: Sven Vermeulen --- qmail.fc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qmail.fc b/qmail.fc index e53fe5a..d5c6433 100644 --- a/qmail.fc +++ b/qmail.fc @@ -32,6 +32,6 @@ /var/qmail/bin/splogger -- gen_context(system_u:object_r:qmail_splogger_exec_t,s0) /var/qmail/bin/tcp-env -- gen_context(system_u:object_r:qmail_tcp_env_exec_t,s0) -/var/qmail(/.*)? gen_context(system_u:object_r:qmail_etc_t,s0) +/var/qmail/(.*)? gen_context(system_u:object_r:qmail_etc_t,s0) /var/spool/qmail(/.*)? gen_context(system_u:object_r:qmail_spool_t,s0) -- 1.8.5.5