From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Tue, 26 Aug 2014 18:14:49 +0200
Subject: [refpolicy] [PATCH 2/7] Label /var/spool/postfix/dev/ files
In-Reply-To: <53FB5086.1050808@tresys.com>
References: <1408793751-11289-1-git-send-email-nicolas.iooss@m4x.org>
	<1408793751-11289-3-git-send-email-nicolas.iooss@m4x.org>
	<53FB5086.1050808@tresys.com>
Message-ID: <53FCB279.7030607@m4x.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

2014-08-25 17:04 GMT+02:00 Christopher J. PeBenito:
> On 8/23/2014 7:35 AM, Nicolas Iooss wrote:
>> On Debian, /var/spool/postfix/dev contains log, urandom and random in
>> the same types as the files in /dev.
> 
> It might make more sense for Debian to have a path substitution, rather
> than duplicating file contexts.  I'm guessing this is Postfix chrooting
> into /var/spool/postfix, so /var/spool/postfix/dev is the chroot's /dev?
> 

I just remembered something I've read when I first set up SELinux on a
Debian system.  Debian wiki says: "If you are using postfix, disable
chroot-support by running postfix-nochroot" [1].  So I guess Postfix
chrooting is not supported by Debian-SELinux developers.

Therefore I'm ok to drop this patch.  Sorry for submitting it before
checking whether chrooted Postfix configurations were supported on
SELinux-enabled Debian.

Nicolas

[1]
https://wiki.debian.org/SELinux/Setup#mail_servers_.28postfix.2Fexim.2Fetc.29