On Mon, Feb 20, 2012 at 05:23:11PM -0500, Alain Toussaint wrote:
> Pardon me for the dumb question but I'm having a migraine and must prepare
> for a midterm tomorrow;
>
> > allow dovecot_t dovecot_etc_t:file read_file_perms;
>
> How do I do that? :)

Hmm either I forgot to reply, or the reply didn't reach my mailbox, so here
goes the answer ;-)

http://www.gentoo.org/proj/en/hardened/selinux-faq.xml#localpolicy

In short, you'll need to create a policy file, build it and include it in
the system. The policy will be inserted in the policy store so that it is
loaded every time you (re)boot the system, so you can remove the source file
if you want. Usually you don't want to though.

I personally have a single "localpolicy.te" file in which I put all my
exceptional rules (that don't need to be part of the main policy, but are
necessary on my system) and maintain that file.

Wkr,
	Sven Vermeulen
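
The three steps described above (create a policy file, build it, insert it in the policy store), as an added example that is not part of the original message. Assumptions: the module is named `localpolicy` after the file mentioned in the mail, the refpolicy development Makefile lives under `/usr/share/selinux/<type>/include/` (the path varies by distribution), and the `install` argument is a hypothetical convention of this script.

```shell
#!/bin/sh
# Added example: local SELinux policy module carrying the rule from this thread.
# Assumed: module name "localpolicy" and the refpolicy Makefile path below.

MODULE=localpolicy

# Step 1: write the module source. read_file_perms is a refpolicy macro, so
# the file has to be built with the refpolicy Makefile, not bare checkmodule.
write_localpolicy() {
    dir=$1
    cat > "$dir/$MODULE.te" <<'EOF'
policy_module(localpolicy, 1.0)

gen_require(`
	type dovecot_t;
	type dovecot_etc_t;
')

allow dovecot_t dovecot_etc_t:file read_file_perms;
EOF
}

# Read the active policy type (e.g. strict, targeted) from the SELinux config.
policy_type() {
    conf=${1:-/etc/selinux/config}
    sed -n 's/^SELINUXTYPE=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' "$conf" | head -n 1
}

# Steps 2 and 3: build localpolicy.pp and insert it in the policy store (root).
build_and_load() {
    dir=$1
    ptype=$(policy_type)
    mk="/usr/share/selinux/$ptype/include/Makefile"
    [ -f "$mk" ] || { echo "no refpolicy Makefile at $mk" >&2; return 1; }
    ( cd "$dir" && make -f "$mk" "$MODULE.pp" && semodule -i "$MODULE.pp" ) || return 1
    semodule -l | grep -q "^$MODULE"   # confirm the module is now in the store
}

# Only touch the system when asked: sh localpolicy.sh install /root/selinux
if [ "${1:-}" = "install" ]; then
    write_localpolicy "${2:-.}" && build_and_load "${2:-.}"
fi
```

Keeping every local exception in this one `.te` file, as the mail suggests, also gives you a single place to audit what has been allowed beyond the distribution policy.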
