Bug 37179 - courier-imap policy files
Summary: courier-imap policy files
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Chris PeBenito (RETIRED)
Depends on:
Reported: 2004-01-04 04:48 UTC by petre rodan (RETIRED)
Modified: 2011-10-30 22:38 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

file_contexts (courier-imap.fc,1.54 KB, text/plain)
2004-01-04 04:49 UTC, petre rodan (RETIRED)
type enforcement (courier-imap.te,5.12 KB, text/plain)
2004-01-04 04:49 UTC, petre rodan (RETIRED)
type enforcement (courier-imap.te,5.17 KB, text/plain)
2004-01-11 08:25 UTC, petre rodan (RETIRED)
file contexts (courier-imap.fc,2.57 KB, text/plain)
2004-01-27 13:03 UTC, petre rodan (RETIRED)

Description petre rodan (RETIRED) gentoo-dev 2004-01-04 04:48:34 UTC
new selinux policy files
Comment 1 petre rodan (RETIRED) gentoo-dev 2004-01-04 04:49:07 UTC
Created attachment 23129 [details]
Comment 2 petre rodan (RETIRED) gentoo-dev 2004-01-04 04:49:42 UTC
Created attachment 23130 [details]
type enforcement
Comment 3 Chris PeBenito (RETIRED) gentoo-dev 2004-01-04 18:27:09 UTC
Is there a reason you renamed courier.te to courier-imap.te?  Especially when it says it handles the imap and pop servers?
Comment 4 petre rodan (RETIRED) gentoo-dev 2004-01-04 23:06:37 UTC
Yes, there is another package (net-mail/courier) that is an MTA.

These two packages have no dependencies on each other, so I guess they should have different policy files. As a matter of fact I'm using net-mail/courier-imap with qmail (this has no effect on the policy).

Comment 5 Chris PeBenito (RETIRED) gentoo-dev 2004-01-06 13:03:20 UTC
Hmm, these are extensive changes compared to the NSA and Russell's policies.  Could you tell me more about them?
Comment 6 petre rodan (RETIRED) gentoo-dev 2004-01-07 00:22:10 UTC
The original policy was the one from Russell, and I made the following changes:

* added courier_shadow_t type. This is the label for the /etc/userdb* files that are used for authentication and for getting uid, gid and maildir location info (used if authdb or authcram authentication is used). Tested with both authdb and authcram.
* replaced courier_pop (or something) with courier_imap (which really is the name of the package in discussion)
* remade the file_contexts so they match the Gentoo file locations.
* added support for couriertls (tested with secure imap)
* removed sqwebmail support, since it's a different package and if I am correct it's not even in portage.

Things not tested:
* calendaring (I'm pretty sure it's not part of courier-imap, and if that's the case those 3 lines from .te can be removed)
* selinux networking support.

I have been using this policy for more than a week and it's rock solid.

BTW. I'm quite busy these days, please don't be upset if I respond with a greater delay :(
Comment 7 petre rodan (RETIRED) gentoo-dev 2004-01-11 08:25:16 UTC
Created attachment 23599 [details]
type enforcement

selinux-base-policy-20031225 friendly
Comment 8 petre rodan (RETIRED) gentoo-dev 2004-01-27 13:03:24 UTC
Created attachment 24497 [details]
file contexts

support for pid files (gentoo default locations)
Comment 9 Chris PeBenito (RETIRED) gentoo-dev 2004-02-03 20:35:26 UTC
committed to portage
Comment 10 petre rodan (RETIRED) gentoo-dev 2004-02-05 12:24:52 UTC
flawless :)