Fwd: newer postfix on RHEL5 (selinux policy)
I asked Daniel Walsh what would be needed for a postfix2x policy. I am
wondering whether it would be OK if we added the policy to the rpm with instructions on how to install it.

---------- Forwarded message ----------
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, Apr 14, 2011 at 12:55
Subject: Re: newer postfix on RHEL5 (selinux policy)
To: Stephen John Smoogen <smooge@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/14/2011 12:44 PM, Stephen John Smoogen wrote:
> So people in EPEL are looking at packaging a newer postfix for RHEL4/5
> as it has features they need. The problem though is with an selinux
> policy for it as we would like to have it sit in parallel directories
> and not conflict with the RHEL postfix. What would be the best ways to
> make a policy for the systems (if it can only be RHEL5 oh well).
>

Just copy the existing file context files and change the path.

In RHEL5 you could just add the labels using semanage, or better would be to install a pp file.

You need a one liner for postfix.te.
Then just include a postfixnew.fc file with new paths.
The type definition should remain the same.
You would also need to run restorecon on the paths after you install the policy module.

cat postfixnew.te
policy_module(postfixnew,1.0)

cat postfixnew.fc
# postfix
/etc/postfix(/.*)?                      gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/.*         --      gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/libexec/postfix/cleanup    --      gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp       --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/local      --      gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/libexec/postfix/master     --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/libexec/postfix/pickup     --      gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/libexec/postfix/(n)?qmgr   --      gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq      --      gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/libexec/postfix/smtp       --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/scache     --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/smtpd      --      gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/libexec/postfix/bounce     --      gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/libexec/postfix/pipe       --      gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/libexec/postfix/virtual    --      gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
', `
/usr/lib/postfix/.*             --      gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup        --      gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local          --      gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master         --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/lib/postfix/pickup         --      gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/lib/postfix/(n)?qmgr       --      gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq          --      gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/lib/postfix/smtp           --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/lmtp           --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/scache         --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/smtpd          --      gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce         --      gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib/postfix/pipe           --      gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
')
/etc/postfix/postfix-script.*   --      gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch          --      gen_context(system_u:object_r:postfix_prng_t,s0)
/usr/sbin/postalias             --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postdrop              --      gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix               --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick              --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlock              --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlog               --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postmap               --      gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue             --      gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper             --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)?                  gen_context(system_u:object_r:postfix_var_lib_t,s0)
/var/run/postfix(/.*)?                  gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix(/.*)?                gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)?       gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.*               gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)?        gen_context(system_u:object_r:postfix_private_t,s0)
/var/spool/postfix/public(/.*)?         gen_context(system_u:object_r:postfix_public_t,s0)
/var/spool/postfix/bounce(/.*)?         gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)?          gen_context(system_u:object_r:postfix_spool_flush_t,s0)
dwalsh@lo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2nQyEACgkQrlYvE4MpobOYOwCgwZslQGC0Xn/t3ql3TpoyWNKg
lYwAn34zsszGEnTQS2pFSzuvlQQNXe6Z
=CrdE
-----END PGP SIGNATURE-----

--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard battle."
-- Ian MacLaren
_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list
Fwd: newer postfix on RHEL5 (selinux policy)
On 04/15/2011 11:22 PM, Stephen John Smoogen wrote:

Asked Daniel Walsh what would be needed for a postfix2x policy. I am wondering if we added the policy to the rpm with instructions on how to install it would be ok?

Extremely ugly, against the common usage in RHEL and Fedora, but functional. I could live with that if properly triggered from %postinstall and if the custom policy would be removed when uninstalling the package.

Manuel

---------- Forwarded message ----------
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, Apr 14, 2011 at 12:55
Subject: Re: newer postfix on RHEL5 (selinux policy)
To: Stephen John Smoogen <smooge@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/14/2011 12:44 PM, Stephen John Smoogen wrote:

So people in EPEL are looking at packaging a newer postfix for RHEL4/5 as it has features they need. The problem though is with an selinux policy for it as we would like to have it sit in parallel directories and not conflict with the RHEL postfix. What would be the best ways to make a policy for the systems (if it can only be RHEL5 oh well).

Just copy the existing file context files and change the path.

In RHEL5 you could just add the labels using semanage, or better would be to install a pp file.

You need a one liner for postfix.te.
Then just include a postfixnew.fc file with new paths.
The type definition should remain the same.
You would also need to run restorecon on the paths after you install the policy module.

cat postfixnew.te
policy_module(postfixnew,1.0)

cat postfixnew.fc
# postfix
/etc/postfix(/.*)?                      gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/.*         --      gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/libexec/postfix/cleanup    --      gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp       --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/local      --      gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/libexec/postfix/master     --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/libexec/postfix/pickup     --      gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/libexec/postfix/(n)?qmgr   --      gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq      --      gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/libexec/postfix/smtp       --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/scache     --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/smtpd      --      gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/libexec/postfix/bounce     --      gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/libexec/postfix/pipe       --      gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/libexec/postfix/virtual    --      gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
', `
/usr/lib/postfix/.*             --      gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup        --      gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local          --      gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master         --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/lib/postfix/pickup         --      gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/lib/postfix/(n)?qmgr       --      gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq          --      gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/lib/postfix/smtp           --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/lmtp           --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/scache         --      gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/smtpd          --      gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce         --      gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib/postfix/pipe           --      gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
')
/etc/postfix/postfix-script.*   --      gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch          --      gen_context(system_u:object_r:postfix_prng_t,s0)
/usr/sbin/postalias             --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postdrop              --      gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix               --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick              --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlock              --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlog               --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postmap               --      gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue             --      gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper             --      gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)?                  gen_context(system_u:object_r:postfix_var_lib_t,s0)
/var/run/postfix(/.*)?                  gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix(/.*)?                gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)?       gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.*               gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)?        gen_context(system_u:object_r:postfix_private_t,s0)
/var/spool/postfix/public(/.*)?         gen_context(system_u:object_r:postfix_public_t,s0)
/var/spool/postfix/bounce(/.*)?         gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)?          gen_context(system_u:object_r:postfix_spool_flush_t,s0)
dwalsh@lo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2nQyEACgkQrlYvE4MpobOYOwCgwZslQGC0Xn/t3ql3TpoyWNKg
lYwAn34zsszGEnTQS2pFSzuvlQQNXe6Z
=CrdE
-----END PGP SIGNATURE-----
_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list