From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Tue, 26 Aug 2014 18:14:49 +0200
Subject: [refpolicy] [PATCH 2/7] Label /var/spool/postfix/dev/ files
In-Reply-To: <53FB5086.1050808@tresys.com>
References: <1408793751-11289-1-git-send-email-nicolas.iooss@m4x.org> <1408793751-11289-3-git-send-email-nicolas.iooss@m4x.org> <53FB5086.1050808@tresys.com>
Message-ID: <53FCB279.7030607@m4x.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

2014-08-25 17:04 GMT+02:00 Christopher J. PeBenito:
> On 8/23/2014 7:35 AM, Nicolas Iooss wrote:
>> On Debian, /var/spool/postfix/dev contains log, urandom and random in
>> the same types as the files in /dev.
>
> It might make more sense for Debian to have a path substitution, rather
> than duplicating file contexts. I'm guessing this is Postfix chrooting
> into /var/spool/postfix, so /var/spool/postfix/dev is the chroot's /dev?
>

I just remembered something I've read when I first set up SELinux on a
Debian system. Debian wiki says: "If you are using postfix, disable
chroot-support by running postfix-nochroot" [1]. So I guess Postfix
chrooting is not supported by Debian-SELinux developers.

Therefore I'm ok to drop this patch. Sorry for submitting it before
checking whether chrooted Postfix configurations were supported on
SELinux-enabled Debian.

Nicolas

[1] https://wiki.debian.org/SELinux/Setup#mail_servers_.28postfix.2Fexim.2Fetc.29