new selinux policy files
Created attachment 23129 [details]
Created attachment 23130 [details]
Is there a reason you renamed courier.te to courier-imap.te? Especially when it says it handles the imap and pop servers?
Yes, there is another package (net-mail/courier) that is a MTA.
These two packages have no dependencies on each other, so I guess they should have different policy files. As a matter of fact I'm using net-mail/courier-imap with qmail (this has no effect on the policy).
Hmm, these are extensive changes compared to the NSA and Russell's policies. Could you tell me more about them?
The original policy was that from Russell, and I made the following changes:
* added courier_shadow_t type. This is the label for the /etc/userdb* files that are used for authentication, for getting uid, gid and maildir location info (used if authdb or authcram authentication is used). Tested with both authdb and authcram.
* replaced courier_pop (or smth) with courier_imap (which really is the name of the package in discussion)
* remade the file_contexts so they match the Gentoo file locations.
* added support for couriertls (tested with secure imap)
* removed sqwebmail (http://www.inter7.com/sqwebmail.html) support, since it's a different package and if I am correct it's not even in portage.
things not tested:
* calendaring (I'm pretty sure it's not part of courier-imap, and if that's the case those 3 lines from .te can be removed)
* selinux networking support.
I have used this policy for more than a week and it's rock solid.
BTW. I'm quite busy these days, please don't be upset if I respond with a greater delay :(
Created attachment 23599 [details]
Created attachment 24497 [details]
support for pid files (Gentoo default locations)
committed to portage