From: russell@coker.com.au (Russell Coker)
Date: Wed, 17 Sep 2014 18:00:18 +1000
Subject: [refpolicy] [PATCH 2/7] Label /var/spool/postfix/dev/ files
In-Reply-To: <53FCB279.7030607@m4x.org>
References: <1408793751-11289-1-git-send-email-nicolas.iooss@m4x.org>
	<1408793751-11289-3-git-send-email-nicolas.iooss@m4x.org>
	<53FB5086.1050808@tresys.com> <53FCB279.7030607@m4x.org>
Message-ID: <7725e38f-887f-4b55-acd7-044cff9cec0e@email.android.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On a SE Linux system chrooting Postfix (and most daemons for that matter) requires granting MORE privileges to the daemon. Enabling that configuration makes things more difficult with no benefit.

The only possible benefit to enabling chroot is for a system that's not running SE Linux all the time. But it should be easy to revert the postfix-nochroot change for that situation (file a Debian bug report if it's too difficult to revert).
-- 
Sent from my Samsung Galaxy Note 2 with K-9 Mail.