From: dac.override@gmail.com (Dominick Grift) Date: Thu, 1 Jan 2015 18:41:21 +0100 Subject: [refpolicy] [PATCH v2 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock In-Reply-To: <1420042198-4676-2-git-send-email-sven.vermeulen@siphos.be> References: <1420042198-4676-1-git-send-email-sven.vermeulen@siphos.be> <1420042198-4676-2-git-send-email-sven.vermeulen@siphos.be> Message-ID: <20150101174121.GA4840@bigboy.network2> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, Dec 31, 2014 at 05:09:53PM +0100, Sven Vermeulen wrote: > Startup of courier-imapd creates /var/run/imapd.pid.lock and imapd.lock > > Signed-off-by: Sven Vermeulen > --- > courier.fc | 2 ++ > courier.te | 2 ++ > 2 files changed, 4 insertions(+) > > diff --git a/courier.fc b/courier.fc > index 2f017a0..abdc37e 100644 > --- a/courier.fc > +++ b/courier.fc > @@ -27,6 +27,8 @@ > /var/lib/courier-imap(/.*)? gen_context(system_u:object_r:courier_var_lib_t,s0) > > /var/run/courier(/.*)? gen_context(system_u:object_r:courier_var_run_t,s0) > +/var/run/imapd\.pid -- gen_context(system_u:object_r:courier_var_run_t,s0) This conflicts with uwimap pid file context specification Not sure how to deal with this, but i would prefer: Did you build with: --with-piddir=dir - use dir/imapd.pid to store couriertcpd's process ID. Probably better to set --with-piddir=/var/run/courier That will make this patch redundant > +/var/run/imapd\.pid\.lock -- gen_context(system_u:object_r:courier_var_run_t,s0) > > /var/spool/authdaemon(/.*)? gen_context(system_u:object_r:courier_spool_t,s0) > /var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0) > diff --git a/courier.te b/courier.te > index ae3bc70..112a60b 100644 > --- a/courier.te > +++ b/courier.te 
> @@ -172,6 +172,8 @@ corenet_tcp_sendrecv_pop_port(courier_tcpd_t) > dev_read_rand(courier_tcpd_t) > dev_read_urand(courier_tcpd_t) > > +files_pid_filetrans(courier_tcpd_t, courier_var_run_t, file) > + > miscfiles_read_localization(courier_tcpd_t) > > ######################################## > -- > 2.0.5 -- Dominick Grift
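Review bot: In the courier.fc hunk the two added entries label /var/run/imapd\.pid and /var/run/imapd\.pid\.lock, but the commit message says startup creates imapd.pid.lock and imapd.lock, so imapd.lock gets no file context entry while imapd.pid, which the message does not mention, does. Either add a matching /var/run/imapd\.lock entry or correct the message so the two agree. Both new paths also sit directly in /var/run rather than under the existing /var/run/courier(/.*)? entry, which is the source of the uwimap pid file conflict raised in the reply, so that conflict needs resolving before this hunk is merged.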
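Review bot: The files_pid_filetrans(courier_tcpd_t, courier_var_run_t, file) call in the courier.te hunk has no name argument, so every regular file courier_tcpd_t creates in the pid directory is labelled courier_var_run_t, not only the imapd pid and lock files the commit message is about. Consider named transitions limited to those file names (the interface accepts an optional fourth name argument), and add a comment above the call stating which files it covers, since nothing in the hunk says so.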