Hi.

I knew (according to old posts on the list) that other people were
interested in these fixes, so the topic name modification!

However, I still have a small problem that would prevent the whole
thing from working:

With shell operations like
semanage fcontext -a -s system_u -t courier_var_run_t '/var/run/imapd.*'
semanage fcontext -a -s system_u -t courier_var_run_t '/var/run/pop3.*'
semanage fcontext -a -s system_u -t courier_authdaemon_var_run_t '/var/run/authdaemon?*'

and then a restorecon /var/run/*,
the files are correctly labelled for courier-imap.

But either when rebooting or after an unspecified amount of time (i.e.
refreshing operations, maybe), the files are no longer correctly
labelled (var_run_t).

So, it means that the daemons do not care about what I told them and that
they change the files' type. How can this be fixed?

After that, I think that courier-imap will be okay (I will check on
the unpatched pop version). But if some people are looking for postfix
fixes (I have problems with SMTP too), I will try to fix that later (i.e.
maybe not today :D)

-- Julien Thomas

John Huttley <John@×××××××××××××××.nz> wrote:

> I'm glad you are fixing this since I'm using it as a basis for a new
> cyrus-imapd policy!!
>
> --john
>
>
> julien.thomas@×××××××××××××.fr wrote:
>> Hi.
>> The problems of courier-imap began to be solved ...
>>
>> (The previous posts were labelled "SELinux - network streams"
>> but as I am more focused on courier-imap now, I thought it was
>> good to change the subject)
>>
>> However, here is the problem I have with file labelling:
>>
>> I put in /etc/security/selinux/file_contexts the following lines
>> /var/run/impad.* system_u:object_r:courier_var_run_t
>> /var/run/pop3.* system_u:object_r:courier_var_run_t
>> /var/run/authdaemon.* system_u:object_r:courier_var_run_t
>>
>> as the previous ones (/var/run/courier(/.*)?) were wrong.
>>
>> However, restorecon does not give the good contexts for these files
>> (var_run_t). Besides, when the servers are restarted or after let's
>> say one hour,
>> the files get the var_run_t context though I changed them with chcon.
>>
>> Where should I put this file_context information?
>> (Do I have to add this in a QuickFix module?)
>>
>> For the other problem, it was due to transition problems.
>> I have added the following lines:
>> type_transition initrc_t courier_exec_t:process courier_tcpd_t;
>> type_transition courier_tcpd_t courier_authdaemon_exec_t:process courier_authdaemon_t;
>>
>> Julien Thomas.
>>
> --
> gentoo-hardened@g.o mailing list