this update includes serialmail support, support for qmail-1.0.3-r13 (tested
only on 1 lucky non-production server) and alias file contexts.
as I have said before, it is _extremely_ important to label everything inside
~alias (/var/qmail/alias) with a $user_home_t type.
$user can be user, staff or sysadm depending on everyone's taste. without
labeling ~alias, this entire policy is useless. mails that have to be received
by users that have aliases will never arrive. mails to root cannot be sent to a
local user/mail address, postmaster mails will never be delivered, ezmlm will
never function correctly, etc.
~alias looks like:

    # cat /etc/passwd |grep alias
    alias:x:200:200::/var/qmail/alias:/bin/false
    # id alias
    uid=200(alias) gid=200(nofiles) groups=200(nofiles)

i really see no problem in labeling it with staff_t for example. i have tried
to declare

    user alias roles { staff_r };

to no avail. the 'alias' word seems to be 'misinterpreted' by m4.
can we please do something about this? I had no luck with Russell :(
BTW, please leave

    /var/qmail/alias(/.*)? system_u:object_r:staff_home_t

or whatever without '--', because we have both files and directories there.
once I am able to compile any qmail >qmail-1.03-r11 I will also add
functionality for .qmail files and I will do much more thorough tests. it looks
like qmail is a very unhappy package in gentoo. most of the time it doesn't
even compile (and I am talking about the stable version here) because of bad patch
management. those patches are being changed upstream and it's only a small step
from md5sum errors to compile problems. IMHO all those patches should reside in
portage itself and they should be version/release oriented.
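
Added example, not part of the original message: a small Python model of file_contexts matching that shows what the '--' specifier does to the ~alias entry. The /var(/.*)? fallback entry, the var_t type and the sample paths are constructed for illustration, and "last matching entry wins" is a simplification of the real ordering rules.

```python
import re

# File-type specifiers allowed in the optional middle column of an entry.
KINDS = {"--": "file", "-d": "dir", "-l": "symlink"}

def parse(text):
    """Parse file_contexts lines into (regex, kind or None, context) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3:
            pattern, spec, context = fields
            kind = KINDS[spec]
        else:
            pattern, context = fields
            kind = None  # no specifier: the entry applies to every file type
        entries.append((re.compile(pattern), kind, context))
    return entries

def lookup(entries, path, kind):
    """Return the context for path; patterns must match the whole path."""
    result = None
    for regex, want, context in entries:
        if regex.fullmatch(path) and want in (None, kind):
            result = context  # simplification: last matching entry wins
    return result

# Constructed policy fragments: a generic fallback plus the ~alias entry,
# once with '--' (regular files only) and once without.
FALLBACK = "/var(/.*)? system_u:object_r:var_t\n"
WITH_DASHES = FALLBACK + "/var/qmail/alias(/.*)? -- system_u:object_r:staff_home_t\n"
WITHOUT = FALLBACK + "/var/qmail/alias(/.*)? system_u:object_r:staff_home_t\n"

# Constructed sample paths under ~alias.
SAMPLES = [
    ("/var/qmail/alias", "dir"),
    ("/var/qmail/alias/.qmail-root", "file"),
    ("/var/qmail/alias/Maildir", "dir"),
]

def compare():
    """Map each sample path to (context with '--', context without '--')."""
    a, b = parse(WITH_DASHES), parse(WITHOUT)
    return {p: (lookup(a, p, k), lookup(b, p, k)) for p, k in SAMPLES}

if __name__ == "__main__":
    for path, (dashed, plain) in compare().items():
        print(f"{path:32} with '--': {dashed:32} without: {plain}")
```

With '--', only the regular file gets staff_home_t and both directories fall through to the generic entry; without it, all three paths get staff_home_t.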