FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 03-14-2010, 08:28 AM
Ruben Kerkhof
 
Default location of postfix ssl certificates

Hi all,

I was wondering what would be the best place to store tls certificates
for postfix.
Right now, we store them in /var, which is denied by the policy.

The policy allows postfix files_read_usr_files (for openssl, that's
what the comment above it says) but wouldn't it be better to store
them under /etc/pki?
Maybe there should be a postfix_cert_t or something?

Regards,

Ruben
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-14-2010, 12:17 PM
Dominick Grift
 
Default location of postfix ssl certificates

On Sun, Mar 14, 2010 at 10:28:18AM +0100, Ruben Kerkhof wrote:
> Hi all,
>
> I was wondering what would be the best place to store tls certificates
> for postfix.
> Right now, we store them in /var, which is denied by the policy.
>
> The policy allows postfix files_read_usr_files (for openssl, that's
> what the comment above it says) but wouldn't it be better to store
> them under /etc/pki?
> Maybe there should be a postfix_cert_t or something?

I am not very familiar with postfix and its policy but in my opinion certs should be in /etc/pki indeed. although you could probably also dump them into /etc/postfix

>
> Regards,
>
> Ruben
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 10:04 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org