From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 31 Dec 2014 17:09:25 +0100
Subject: [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir
In-Reply-To: <20141230205420.GC12724@bigboy.network2>
References: <1419970899-19892-1-git-send-email-sven.vermeulen@siphos.be> <1419970899-19892-7-git-send-email-sven.vermeulen@siphos.be> <20141230205420.GC12724@bigboy.network2>
Message-ID: <20141231160925.GB4733@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Dec 30, 2014 at 09:54:21PM +0100, Dominick Grift wrote:
> > diff --git a/courier.te b/courier.te > > index c06c3ad..49fa11d 100644 > > --- a/courier.te > > +++ b/courier.te > > @@ -148,6 +148,8 @@ corecmd_exec_shell(courier_pop_t) > > > > miscfiles_read_localization(courier_pop_t) > > > > +mta_manage_mail_home_rw_content(courier_pop_t) > > +
>
> Should this go together with a "mta_home_filetrans_mail_home(courier_pop_t, dir, ".maildir")", i.e. should courier-imapd be able to create that directory if it does not already exist?

Not here at least. The daemon does not try to create the .maildir - it expects that it is already there. Without the directory available, the login fails and in the logs the following is shown:

Dec 31 15:57:06 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 31 15:57:06 localhost imapd: chdir .maildir: No such file or directory
Dec 31 15:57:06 localhost imapd: root: No such file or directory

There are no denials (even with dontaudits disabled) that show that it tries to create it. So the admin needs to create it using the maildirmake application (also provided through the courier-imap package).

> > userdom_manage_user_home_content_files(courier_pop_t) > > userdom_manage_user_home_content_dirs(courier_pop_t) > >
>
> The above may, or may not, be redundant now that we have a .maildir with a private type

Indeed, at least it is not necessary on my test system anymore. I'll remove it with the patch as well.

Wkr,
Sven Vermeulen
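
Review bot: in the trailing context of the @@ -148,6 +148,8 @@ hunk, userdom_manage_user_home_content_files(courier_pop_t) and userdom_manage_user_home_content_dirs(courier_pop_t) remain directly below the added mta_manage_mail_home_rw_content(courier_pop_t), so courier_pop_t keeps manage access to generic user home content on top of the mail-specific content. If the mail-specific interface is sufficient, drop the two userdom lines in this same patch so the grant stays scoped to the maildir, and state in the commit message that no file transition is added, so .maildir must already exist before login.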