| Summary: | courier-imap policy files |
|---|---|
| Product: | Gentoo Security |
| Reporter: | petre rodan (RETIRED) <kaiowas> |
| Component: | Vulnerabilities |
| Assignee: | Chris PeBenito (RETIRED) <pebenito> |
| Status: | VERIFIED TEST-REQUEST |
| Severity: | normal |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | All |
| Whiteboard: | |
| Package list: | |
| Runtime testing required: | --- |
| Attachments: | |

Description
petre rodan (RETIRED)
2004-01-04 04:48:34 UTC
Created attachment 23129 [details]
file_contexts
Created attachment 23130 [details]
type enforcement
Is there a reason you renamed courier.te to courier-imap.te? Especially when it says it handles the imap and pop servers?

Yes, there is another package (net-mail/courier) that is an MTA. These two packages have no dependencies one over the other, so I guess they should have different policy files. As a matter of fact I'm using net-mail/courier-imap with qmail (this has no effect over the policy).
bye,
peter

Hmm, these are extensive changes compared to the NSA and Russell's policies. Could you tell me more about them?

The original policy was that from Russell, and I made the following changes:
* added courier_shadow_t type. This is the label for the /etc/userdb* files that are used for authentication, for getting uid, gid and maildir location info (used if authdb or authcram authentication is used). Tested with both authdb and authcram.
* replaced courier_pop (or something) with courier_imap (which really is the name of the package in discussion)
* remade the file_contexts so they match the Gentoo file locations.
* added support for couriertls (tested with secure imap)
* removed sqwebmail (http://www.inter7.com/sqwebmail.html) support, since it's a different package and if I am correct it's not even in portage.

Things not tested:
* calendaring (I'm pretty sure it's not part of courier-imap, and if it's the case those 3 lines from .te can be removed)
* selinux networking support.

I've used this policy for more than a week and it's rock solid.
BTW, I'm quite busy these days, please don't be upset if I respond with a greater delay :(

Created attachment 23599 [details]
type enforcement
selinux-base-policy-20031225 friendly
Created attachment 24497 [details]
file contexts
support for pid files (gentoo default locations)
committed to portage flawless :)