Asked Daniel Walsh what would be needed for a postfix2x policy. I am
wondering if we added the policy to the rpm with instructions on how
to install it would be ok?
---------- Forwarded message ----------
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, Apr 14, 2011 at 12:55
Subject: Re: newer postfix on RHEL5 (selinux policy)
To: Stephen John Smoogen <smooge@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/14/2011 12:44 PM, Stephen John Smoogen wrote:
> So people in EPEL are looking at packaging a newer postfix for RHEL4/5
> as it has features they need. The problem though is with an selinux
> policy for it as we would like to have it sit in parallel directories
> and not conflict with the RHEL postfix. What would be the best ways to
> make a policy for the systems (if it can only be RHEL5 oh well).
>
Just copy the existing file context files and change the path.
In RHEL5 you could just add the labels using semanage or better would be
to install a pp file. You need a one liner for postfix.te. Then just
include a postfixnew.fc file with new paths. The type definition should
remain the same. You would also need to run restorecon on the paths
after you install the policy module.
cat postfixnew.te
policy_module(postfixnew,1.0)

cat postfixnew.fc
# postfix
/etc/postfix(/.*)?  gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/.*  --  gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/libexec/postfix/cleanup  --  gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp  --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/local  --  gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/libexec/postfix/master  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/libexec/postfix/pickup  --  gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/libexec/postfix/(n)?qmgr  --  gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq  --  gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/libexec/postfix/smtp  --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/scache  --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/smtpd  --  gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/libexec/postfix/bounce  --  gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/libexec/postfix/pipe  --  gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/libexec/postfix/virtual  --  gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
', `
/usr/lib/postfix/.*  --  gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup  --  gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local  --  gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/lib/postfix/pickup  --  gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/lib/postfix/(n)?qmgr  --  gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq  --  gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/lib/postfix/smtp  --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/lmtp  --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/scache  --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/smtpd  --  gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce  --  gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib/postfix/pipe  --  gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
')
/etc/postfix/postfix-script.*  --  gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch  --  gen_context(system_u:object_r:postfix_prng_t,s0)
/usr/sbin/postalias  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postdrop  --  gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlock  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlog  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postmap  --  gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue  --  gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)?  gen_context(system_u:object_r:postfix_var_lib_t,s0)
/var/run/postfix(/.*)?  gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix(/.*)?  gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)?  gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.*  gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)?  gen_context(system_u:object_r:postfix_private_t,s0)
/var/spool/postfix/public(/.*)?  gen_context(system_u:object_r:postfix_public_t,s0)
/var/spool/postfix/bounce(/.*)?  gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)?  gen_context(system_u:object_r:postfix_spool_flush_t,s0)
dwalsh@lo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2nQyEACgkQrlYvE4MpobOYOwCgwZslQGC0Xn/t3ql3TpoyWNKg
lYwAn34zsszGEnTQS2pFSzuvlQQNXe6Z
=CrdE
-----END PGP SIGNATURE-----
--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list
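
Added example, not part of the original message or of any project's code: a shell version of the procedure described in the forwarded reply, which re-roots the path specs of an existing .fc file, checks that every spec still carries a well-formed postfix context, and then builds, loads and relabels. The prefix /opt/postfix2x and all function names are assumptions; the thread does not name the parallel directories.

```shell
#!/bin/sh
# Added example. PREFIX is a hypothetical parallel install root; the thread
# does not say where the newer postfix will live.
PREFIX=${PREFIX:-/opt/postfix2x}

# Constructed sample: a few lines in the format of the postfixnew.fc above.
sample_fc() {
cat <<'EOF'
# postfix
/etc/postfix(/.*)?  gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/master  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
', `
/usr/lib/postfix/master  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
')
/var/spool/postfix(/.*)?  gen_context(system_u:object_r:postfix_spool_t,s0)
EOF
}

# rewrite_fc PREFIX: prepend PREFIX to every path spec read from stdin.
# m4 control lines (ifdef, "', `", "')"), comments and blanks pass through,
# so the type names are untouched and only the labelled paths change.
rewrite_fc() {
    awk -v p="$1" '/^\// { print p $0; next } { print }'
}

# check_fc: non-zero exit if any path spec lacks a well-formed context.
# Catches mangled entries (for example a lost ":object_r:") before loading.
check_fc() {
    awk '
        /^\// && $NF !~ /^gen_context\(system_u:object_r:postfix_[a-z_]+_t,s0\)$/ {
            printf "bad context, line %d: %s\n", NR, $0 > "/dev/stderr"; bad = 1
        }
        END { exit bad + 0 }
    '
}

# install_module ROOT: build postfixnew.pp from postfixnew.te/.fc in the
# current directory, load it, then relabel ROOT. Run as root on the target;
# the Makefile comes from the selinux-policy-devel package.
install_module() {
    make -f /usr/share/selinux/devel/Makefile postfixnew.pp &&
    semodule -i postfixnew.pp &&
    restorecon -R -v "$1"
}

# Stand-alone run: rewrite the sample and report whether it validates.
sample_fc | rewrite_fc "$PREFIX" | check_fc && echo "fc ok for $PREFIX"
```

On a real host, feed the distribution's postfix.fc through rewrite_fc into postfixnew.fc and call install_module with the install root only after check_fc passes.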