From: dac.override@gmail.com (Dominick Grift) Date: Tue, 30 Dec 2014 21:44:37 +0100 Subject: [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock In-Reply-To: <1419970899-19892-2-git-send-email-sven.vermeulen@siphos.be> References: <1419970899-19892-1-git-send-email-sven.vermeulen@siphos.be> <1419970899-19892-2-git-send-email-sven.vermeulen@siphos.be> Message-ID: <20141230204437.GA12724@bigboy.network2> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, Dec 30, 2014 at 09:21:34PM +0100, Sven Vermeulen wrote: > Startup of courier-imapd creates /var/run/imapd.pid.lock and imapd.lock > > Signed-off-by: Sven Vermeulen > --- > courier.te | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/courier.te b/courier.te > index ae3bc70..112a60b 100644 > --- a/courier.te > +++ b/courier.te > @@ -172,6 +172,8 @@ corenet_tcp_sendrecv_pop_port(courier_tcpd_t) > dev_read_rand(courier_tcpd_t) > dev_read_urand(courier_tcpd_t) > > +files_pid_filetrans(courier_tcpd_t, courier_var_run_t, file) Then this should probably go with a file context specification for /var/run/imapd.pid.lock and /var/run/imapd.lock Could you enclose those as part of this patch if there are none for the above locations already (i could not find them in courier.fc) > + > miscfiles_read_localization(courier_tcpd_t) > > ######################################## > -- > 2.0.5 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 648 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20141230/22ac2530/attachment.bin