| 1 |
Hi. |
| 2 |
|
| 3 |
I knew (according to old posts on the list) that other people were |
| 4 |
interessted in these fixes, so the topic name modification ! |
| 5 |
|
| 6 |
However, I still have a small problem that would prevent the whole |
| 7 |
thing from working : |
| 8 |
|
| 9 |
With shell operations like |
| 10 |
semanage fcontext -a -s system_u -t courier_var_run_t '/var/run/imapd.*' |
| 11 |
semanage fcontext -a -s system_u -t courier_var_run_t '/var/run/pop3.*' |
| 12 |
semanage fcontext -a -s system_u -t courier_authdaemon_var_run_t |
| 13 |
'/var/run/authdaemon?* |
| 14 |
|
| 15 |
and then a restorecon /var/run/*, |
| 16 |
the files are correctly labelled for courier-imap. |
| 17 |
|
| 18 |
But either when rebooting or after an unprecised amount of time (ie |
| 19 |
refreshing operations, maybe), the files are no more correctly |
| 20 |
labelled (var_run_t). |
| 21 |
|
| 22 |
So, it means that the daemons do not care about what I told and that |
| 23 |
they change the files type. How can this be fixed ? |
| 24 |
|
| 25 |
After that, I think that courier-imap will be okay (I will checked on |
| 26 |
the unpatched pop version). But if some people are looking for postfix |
| 27 |
fixes (I have problem with SMTP too), I will try to fix that later (ie |
| 28 |
maybe not today :D) |
| 29 |
|
| 30 |
-- Julien Thomas |
| 31 |
|
| 32 |
John Huttley <John@×××××××××××××××.nz> a écrit : |
| 33 |
|
| 34 |
> I'm glad you are fixiing this since I'm using it as a basis for a new |
| 35 |
> cyrus-imapd policy!! |
| 36 |
> |
| 37 |
> --john |
| 38 |
> |
| 39 |
> |
| 40 |
> julien.thomas@×××××××××××××.fr wrote: |
| 41 |
>> Hi. |
| 42 |
>> The problems of courier-imap began to be solved ... |
| 43 |
>> |
| 44 |
>> (The previous post where labelled by "SELinux - network streams" |
| 45 |
>> but as I am more focused with courier-imap now, I though it was |
| 46 |
>> good to change the subject) |
| 47 |
>> |
| 48 |
>> However, here is the problem I have with file labelling : |
| 49 |
>> |
| 50 |
>> I put it /etc/security/selinx/file_contexts the following lines |
| 51 |
>> /var/run/impad.* system_u:object_r:courier_var_run_t |
| 52 |
>> /var/run/pop3.* system_u:object_r:courier_var_run_t |
| 53 |
>> /var/run/authdaemon.* system_u:object_r:courier_var_run_t |
| 54 |
>> |
| 55 |
>> as the previous ones (/var/run/courier(/.*)?) where wrong. |
| 56 |
>> |
| 57 |
>> However, restorecon do not give the good contexts for these files |
| 58 |
>> (var_run_t). Besides, when the server are restarted or after let's |
| 59 |
>> say one hour, |
| 60 |
>> the files got the var_run_t context though I changed them with chcon. |
| 61 |
>> |
| 62 |
>> Where should I put this file_context information. |
| 63 |
>> (Do I have to add this I a QuickFix module ?) |
| 64 |
>> |
| 65 |
>> for the other problem, It was due to transition problems. |
| 66 |
>> I have added the following lines : |
| 67 |
>> type_transition initrc_t courier_exec_t:process courier_tcpd_t; |
| 68 |
>> type_transition courier_tcpd_t courier_authdaemon_exec_t:process |
| 69 |
>> courier_authdaemon_t; |
| 70 |
>> |
| 71 |
>> Julien Thomas. |
| 72 |
>> |
| 73 |
> -- |
| 74 |
> gentoo-hardened@g.o mailing list |
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
-- |
| 79 |
gentoo-hardened@g.o mailing list |
Archives