02-08-2008, 03:06 PM
Daniel J Walsh
host certificates & keys


Stanisław T. Findeisen wrote:
> Hello
>
> Are there any standard ways to add certificate and private key files to
> services like Postfix (SMTP) or Dovecot (POP3/IMAP) to enable them use TLS?
>
> STF
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I don't see this as an SELinux question?
 
02-08-2008, 06:00 PM
"Stanisław T. Findeisen"
host certificates & keys

Daniel J Walsh wrote:
>> Are there any standard ways to add certificate and private key files to
>> services like Postfix (SMTP) or Dovecot (POP3/IMAP) to enable them use TLS?
>
> I don't see this as an SELinux question?

Can I add them anywhere, name them as I wish, give them any SELinux
labels and permissions and SELinux will allow read access to them?

This would probably mean, that SELinux policies deployed in Fedora are
somewhat too liberal?...

STF

 
02-10-2008, 07:14 PM
John Griffiths
host certificates & keys

Subject: Re: host certificates & keys
From: "Stanisław T. Findeisen" <sf181257@students.mimuw.edu.pl>
Date: Fri, 08 Feb 2008 20:00:10 +0100
To: Daniel J Walsh <dwalsh@redhat.com>
CC: fedora-selinux-list@redhat.com

> Daniel J Walsh wrote:
>>> Are there any standard ways to add certificate and private key files to
>>> services like Postfix (SMTP) or Dovecot (POP3/IMAP) to enable them use TLS?
>>
>> I don't see this as an SELinux question?
>
> Can I add them anywhere, name them as I wish, give them any SELinux
> labels and permissions and SELinux will allow read access to them?

The standard place to put them is /etc/pki. Dovecot installs a
directory there for secure POP and IMAP and you put them in
./dovecot/private or ./dovecot/certs. The default name is dovecot.pem
for both private and certs. If you use another name, just make the
entry in dovecot.conf match and uncomment the lines for ssl_cert_file
and ssl_key_file.

There are similar locations for tls in the /etc/pki directory.

The files should pick up the correct SELinux context but if they don't,
it is system_u:object_r:cert_t for ./dovecot/private/dovecot.pem and
system_u:object_r:dovecot_cert_t for ./dovecot/certs/dovecot.pem.

Use the tls/certs/Makefile in to make the proper certs for tls. All the
tls certs get system_u:object_r:cert_t.

Regards,
John

> This would probably mean, that SELinux policies deployed in Fedora are
> somewhat too liberal?...
>
> STF
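
Added example, not part of the thread or of any Fedora package: a shell helper for the case John mentions where the files did not pick up the correct context. It compares each file's current SELinux type with the type the loaded policy assigns to that path. The function names are made up for this example; `stat -c %C`, `matchpathcon -n` and `restorecon -v` are the standard utilities and need an SELinux-enabled host.

```bash
#!/bin/bash
# Added example: compare the SELinux label on each TLS file with the label the
# loaded policy assigns to that path, and report files that need relabeling.

# Print the type (third field) of a context such as
# system_u:object_r:cert_t or system_u:object_r:cert_t:s0.
# Input without ':' separators (for example "?") yields an empty string.
ctx_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Compare two contexts by type only; user, role and MLS range are ignored.
# Prints "ok" or "mismatch"; returns non-zero on mismatch or an empty type.
label_status() {
    cur=$(ctx_type "$1")
    exp=$(ctx_type "$2")
    if [ -n "$cur" ] && [ "$cur" = "$exp" ]; then
        echo ok
    else
        echo mismatch
        return 1
    fi
}

# Check real files against the policy default for their path.
audit_tls_labels() {
    rc=0
    for f in "$@"; do
        current=$(stat -c %C "$f") || { rc=1; continue; }
        expected=$(matchpathcon -n "$f") || { rc=1; continue; }
        if label_status "$current" "$expected" >/dev/null; then
            echo "OK       $f ($(ctx_type "$current"))"
        else
            echo "RELABEL  $f: has $(ctx_type "$current"), policy wants $(ctx_type "$expected")"
            echo "         fix with: restorecon -v $f"
            rc=1
        fi
    done
    return $rc
}

# Example call, using the paths named in the post above:
# audit_tls_labels /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem
```

A file copied or moved into place from a home directory typically keeps its old type, which is the case this check reports as RELABEL.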







