
Re: Fwd: newer postfix on RHEL5 (selinux policy)



On 04/15/2011 11:22 PM, Stephen John Smoogen wrote:
> Asked Daniel Walsh what would be needed for a postfix2x policy. I am
> wondering if we added the policy to the rpm with instructions on how
> to install it would be ok?

Extremely ugly, against the common usage in RHEL and Fedora but functional. I could live with that if properly triggered from %postinstall and if the custom policy would be removed when uninstalling the package.


    Manuel


---------- Forwarded message ----------
From: Daniel J Walsh<dwalsh redhat com>
Date: Thu, Apr 14, 2011 at 12:55
Subject: Re: newer postfix on RHEL5 (selinux policy)
To: Stephen John Smoogen<smooge gmail com>



On 04/14/2011 12:44 PM, Stephen John Smoogen wrote:
> So people in EPEL are looking at packaging a newer postfix for RHEL4/5
> as it has features they need. The problem though is with an selinux
> policy for it as we would like to have it sit in parallel directories
> and not conflict with the RHEL postfix. What would be the best ways to
> make a policy for the systems (if it can only be RHEL5 oh well).

Just copy the existing file context files and change the path.

In RHEL5 you could just add the labels using semanage or better would be
to install a pp file. You need a one liner for postfix.te.  Then just
include a postfixnew.fc file with new paths.  The type definition should
remain the same.  You would also need to run restorecon on the paths
after you install the policy module.


cat postfixnew.te
policy_module(postfixnew,1.0)

cat postfixnew.fc
# postfix
/etc/postfix(/.*)?                      gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/.*             --  gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/libexec/postfix/cleanup        --  gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp           --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/local          --  gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/libexec/postfix/master         --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/libexec/postfix/pickup         --  gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/libexec/postfix/(n)?qmgr       --  gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq          --  gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/libexec/postfix/smtp           --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/scache         --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/smtpd          --  gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/libexec/postfix/bounce         --  gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/libexec/postfix/pipe           --  gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/libexec/postfix/virtual        --  gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
', `
/usr/lib/postfix/.*                 --  gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup            --  gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local              --  gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master             --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/lib/postfix/pickup             --  gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/lib/postfix/(n)?qmgr           --  gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq              --  gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/lib/postfix/smtp               --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/lmtp               --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/scache             --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/smtpd              --  gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce             --  gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib/postfix/pipe               --  gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
')
/etc/postfix/postfix-script.*       --  gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch              --  gen_context(system_u:object_r:postfix_prng_t,s0)
/usr/sbin/postalias                 --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postdrop                  --  gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix                   --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick                  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlock                  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlog                   --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postmap                   --  gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue                 --  gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper                 --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)?                  gen_context(system_u:object_r:postfix_var_lib_t,s0)
/var/run/postfix(/.*)?                  gen_context(system_u:object_r:postfix_var_run_t,s0)

/var/spool/postfix(/.*)?                gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)?       gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.*               gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)?        gen_context(system_u:object_r:postfix_private_t,s0)
/var/spool/postfix/public(/.*)?         gen_context(system_u:object_r:postfix_public_t,s0)
/var/spool/postfix/bounce(/.*)?         gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)?          gen_context(system_u:object_r:postfix_spool_flush_t,s0)
dwalsh lo


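The procedure from the forwarded reply (copy the file contexts, change the paths, install the module, run restorecon), together with the install/uninstall handling asked for in the reply above it, as an added example that is not part of the thread. The directory name postfix2x, the sample entries, the relabelled paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example. NEW is an assumed name for the parallel directories.
NEW=${NEW:-postfix2x}

# Constructed sample: a few entries in the layout of the posted postfixnew.fc.
sample_fc() {
cat <<'EOF'
# postfix
/etc/postfix(/.*)? gen_context(system_u:object_r:postfix_etc_t,s0)
/usr/libexec/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postalias -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)
EOF
}

# Rewrite only the path column: each directory component named "postfix"
# becomes $NEW; the gen_context() column (the types) is left as it is.
rewrite_fc() {
    awk -v n="$NEW" '
        $1 ~ /^\// {
            p = $1
            gsub(/\/postfix\//, "/" n "/", p)
            gsub(/\/postfix\(/, "/" n "(", p)
            $1 = p
        }
        { print }'
}

# Paths the rewrite leaves alone (binaries under /usr/sbin): these still name
# the stock RHEL files, so the parallel package has to pick its own paths.
unchanged_entries() {
    awk '$1 ~ /^\// && $1 !~ /\/postfix\// && $1 !~ /\/postfix\(/ { print $1 }'
}

# %post: load the module built from postfixnew.te/.fc, then relabel (root).
# The three directories are assumed locations of the parallel install.
install_module() {
    semodule -i postfixnew.pp &&
    restorecon -R "/etc/$NEW" "/usr/libexec/$NEW" "/var/spool/$NEW"
}

# %postun on final erase: remove the custom module again.
remove_module() { semodule -r postfixnew; }

sample_fc | rewrite_fc
```

Feeding the stock file contexts through rewrite_fc gives a starting postfixnew.fc; the entries reported by unchanged_entries need new paths chosen by hand before the module is built.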


