Asked Daniel Walsh what would be needed for a postfix2x policy. I am wondering: if we added the policy to the rpm with instructions on how to install it, would that be ok?

---------- Forwarded message ----------
From: Daniel J Walsh <[email protected]>
Date: Thu, Apr 14, 2011 at 12:55
Subject: Re: newer postfix on RHEL5 (selinux policy)
To: Stephen John Smoogen <[email protected]>

On 04/14/2011 12:44 PM, Stephen John Smoogen wrote:
> So people in EPEL are looking at packaging a newer postfix for RHEL4/5
> as it has features they need. The problem though is with an selinux
> policy for it as we would like to have it sit in parallel directories
> and not conflict with the RHEL postfix. What would be the best ways to
> make a policy for the systems (if it can only be RHEL5 oh well).
>

Just copy the existing file context files and change the path. In RHEL5 you could just add the labels using semanage, or better would be to install a pp file.

You need a one liner for postfix.te. Then just include a postfixnew.fc file with new paths. The type definition should remain the same. You would also need to run restorecon on the paths after you install the policy module.

cat postfixnew.te
policy_module(postfixnew,1.0)

cat postfixnew.fc
# postfix
/etc/postfix(/.*)?                gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/.*       --  gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/libexec/postfix/cleanup  --  gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp     --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/local    --  gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/libexec/postfix/master   --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/libexec/postfix/pickup   --  gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/libexec/postfix/(n)?qmgr --  gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq    --  gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/libexec/postfix/smtp     --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/scache   --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/smtpd    --  gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/libexec/postfix/bounce   --  gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/libexec/postfix/pipe     --  gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/libexec/postfix/virtual  --  gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
', `
/usr/lib/postfix/.*           --  gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup      --  gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local        --  gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master       --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/lib/postfix/pickup       --  gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/lib/postfix/(n)?qmgr     --  gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq        --  gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/lib/postfix/smtp         --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/lmtp         --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/scache       --  gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/smtpd        --  gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce       --  gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib/postfix/pipe         --  gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
')
/etc/postfix/postfix-script.* --  gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch        --  gen_context(system_u:object_r:postfix_prng_t,s0)
/usr/sbin/postalias           --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postdrop            --  gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix             --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick            --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlock            --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlog             --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postmap             --  gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue           --  gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper           --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)?            gen_context(system_u:object_r:postfix_var_lib_t,s0)
/var/run/postfix(/.*)?            gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix(/.*)?          gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.*         gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)?  gen_context(system_u:object_r:postfix_private_t,s0)
/var/spool/postfix/public(/.*)?   gen_context(system_u:object_r:postfix_public_t,s0)
/var/spool/postfix/bounce(/.*)?   gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)?    gen_context(system_u:object_r:postfix_spool_flush_t,s0)
dwalsh@lo

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
_______________________________________________
epel-devel-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/epel-devel-list
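
The procedure in the forwarded reply (copy the file contexts, change the paths, keep the types, install the module, run restorecon) sketched as an added example; it is not part of the original message or Daniel Walsh's code. The parallel root /opt/postfix2x and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. /opt/postfix2x is an assumed parallel root.

# Constructed excerpt of the stock postfix.fc quoted in the message above.
sample_fc() {
cat <<'EOF'
# postfix
/etc/postfix(/.*)?  gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/master  --  gen_context(system_u:object_r:postfix_master_exec_t,s0)
')
/usr/sbin/postmap  --  gen_context(system_u:object_r:postfix_map_exec_t,s0)
/var/spool/postfix(/.*)?  gen_context(system_u:object_r:postfix_spool_t,s0)
EOF
}

# rewrite_fc PREFIX < old.fc > new.fc
# Only lines starting with "/" are path specs; comments and m4 lines pass
# through, and the gen_context() types are left exactly as they were.
rewrite_fc() {
    sed "s|^/|$1/|"
}

# fc_types < file.fc: sorted set of types the file assigns.
fc_types() {
    sed -n 's/.*object_r:\([a-z_]*\),.*/\1/p' | sort -u
}

# fc_paths FILE: sorted path specs (first field of each path line).
fc_paths() {
    awk '/^\//{print $1}' "$1" | sort -u
}

# shared_specs OLD NEW: specs present in both files, i.e. entries that would
# still name the stock postfix paths. Expect no output after a rewrite.
shared_specs() {
    fc_paths "$1" > "$1.paths"
    fc_paths "$2" > "$2.paths"
    comm -12 "$1.paths" "$2.paths"
    rm -f "$1.paths" "$2.paths"
}

# build_and_install PREFIX: run as root on the target host, in the directory
# holding postfixnew.te and postfixnew.fc (needs selinux-policy-devel).
build_and_install() {
    make -f /usr/share/selinux/devel/Makefile postfixnew.pp &&
    semodule -i postfixnew.pp &&
    restorecon -R -v "$1"
}
```

Run `rewrite_fc /opt/postfix2x < postfix.fc > postfixnew.fc`, confirm `shared_specs postfix.fc postfixnew.fc` prints nothing and `fc_types` gives the same list for both files, then call `build_and_install /opt/postfix2x`.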
