this update includes serialmail support, support for qmail-1.0.3-r13 (tested only on 1 lucky non-production server) and alias file contexts. as I have said before, it is _extremely_ important to label everything inside ~alias (/var/qmail/alias) with a $user_home_t type. $user can be user, staff or sysadm depending on everyone's taste. without labeling ~alias, this entire policy is useless. mails that have to be received by users that have aliases will never arrive. mails to root cannot be sent to a local user/mail address, postmaster mails will never be delivered, ezmlm will never function correctly, etc. ~alias looks like: # cat /etc/passwd |grep alias alias:x:200:200::/var/qmail/alias:/bin/false # id alias uid=200(alias) gid=200(nofiles) groups=200(nofiles) i really see no problem in labeling it with staff_t for example. i have tried to declare user alias roles { staff_r }; to no avail. the 'alias' word seems to be 'misinterpreted' by m4. can we please make something about this? I had no luck with Russell :( BTW, please leave /var/qmail/alias(/.*)? system_u:object_r:staff_home_t or whatever without '--', because we have both files and directories there. once I will be able to compile any qmail >qmail-1.03-r11 I will also add functionality for .qmail files and I will do much more thorough tests. it looks like qmail is a very unhappy package in gentoo. most of the time it doesn't even compile (and I talk about the stable version here) because of bad patch management. those patches are being changed upstream and it's only a small step from md5sum errors to compile problems. IMHO all those patches should reside in portage itself and they should be version/release oriented.
Created attachment 30232 [details, diff] file contexts
Created attachment 30233 [details, diff] type enforcement
in CVS
