List Archive: gentoo-hardened
Hi,
Mark Huijgen wrote:
> With base-policy 20040906 and courier-imap-20040928
>
> avc: denied { name_bind } for pid=1238
> exe=/usr/lib/courier-imap/couriertcpd
> scontext=system_u:system_r:courier_tcpd_t
> tcontext=system_u:object_r:port_t tclass=tcp_socket
>
> When starting the imapd server of courier-imap.
> I think the reason for this is coming from courier-imap.te
> line 105-108
>
> allow courier_tcpd_t imap_port_t:tcp_socket name_bind;
> ...imaps_port_t...
> ...pop_port_t...
> ...pops_port_t...
>
> But these port types aren't defined in the policy.
> In net_contexts there are some for pop, but they are inside an
> ifdef('use_pop', and these are also not working for courier.
>
> I've tested it for the normal imap port, it works when I add this line
> to net_contexts:
> portcon tcp 143 system_u:object_r:imap_port_t
> it works fine.
>
> I think the same goes for 993 for imaps, 110 for pop and 995 for pops.
Thanks for pointing that out.
'network hook'-related fixes are on my agenda for next week.
bye,
peter
--
petre rodan
<kaiowas@g.o>
Developer,
Hardened Gentoo Linux
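
The mismatch reported in this thread, a port type that is granted name_bind in the .te file while no active portcon entry assigns it to a port, can be checked mechanically. The Python sketch below is an added example, not part of the original messages or of the Gentoo policy; the sample policy text and the function names are constructed for illustration, and nested ifdef blocks or ifdef else-branches are not handled.

```python
import re

# Constructed sample inputs modelled on the lines quoted in the thread;
# they are not copies of the real policy files.
SAMPLE_TE = """\
allow courier_tcpd_t imap_port_t:tcp_socket name_bind;
allow courier_tcpd_t imaps_port_t:tcp_socket name_bind;
allow courier_tcpd_t pop_port_t:tcp_socket name_bind;
allow courier_tcpd_t pops_port_t:tcp_socket name_bind;
"""
SAMPLE_NET_CONTEXTS = """\
portcon tcp 25 system_u:object_r:smtp_port_t
ifdef(`use_pop', `
portcon tcp 110 system_u:object_r:pop_port_t
')
"""

# allow <domain> <type>:tcp_socket name_bind;  (single permission or { ... } set)
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):tcp_socket\s+"
    r"(?:\{[^}]*\bname_bind\b[^}]*\}|name_bind)\s*;", re.M)
# portcon <proto> <port[-port]> user:role:type
PORTCON_RE = re.compile(
    r"^\s*portcon\s+(tcp|udp)\s+([\d-]+)\s+[^:\s]+:[^:\s]+:(\w+)", re.M)
# Simple two-argument m4 ifdef(`macro', `body')
IFDEF_RE = re.compile(r"ifdef\(`(\w+)',\s*`(.*?)'\)", re.S)

def active_text(net_contexts, defined=()):
    """Keep an ifdef body only when its macro is in `defined`."""
    return IFDEF_RE.sub(
        lambda m: m.group(2) if m.group(1) in defined else "", net_contexts)

def labelled_port_types(net_contexts, defined=()):
    """Map each port type to the (proto, port) pairs an active portcon gives it."""
    out = {}
    for proto, port, ptype in PORTCON_RE.findall(active_text(net_contexts, defined)):
        out.setdefault(ptype, []).append((proto, port))
    return out

def unbound_types(te, net_contexts, defined=()):
    """Types granted name_bind that no active portcon assigns to any port.

    Ports without a portcon keep the default port_t label, so binding
    them is denied exactly as in the AVC message quoted in the thread.
    """
    labelled = labelled_port_types(net_contexts, defined)
    return sorted({t for _, t in ALLOW_RE.findall(te) if t not in labelled})
```

Running `unbound_types` over a policy tree before loading it lists every type that needs a portcon line such as the one for port 143 proposed in the thread.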