From: sven.vermeulen@siphos.be (Sven Vermeulen)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon
Date: Wed, 31 Dec 2014 17:04:44 +0100 [thread overview]
Message-ID: <20141231160444.GA4733@siphos.be> (raw)
In-Reply-To: <20141230204747.GB12724@bigboy.network2>
On Tue, Dec 30, 2014 at 09:47:57PM +0100, Dominick Grift wrote:
> > diff --git a/courier.te b/courier.te
> > index 112a60b..c4ab936 100644
> > --- a/courier.te
> > +++ b/courier.te
> > @@ -137,6 +137,8 @@ allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_s
> >
> > allow courier_pop_t courier_var_lib_t:file { read write };
> >
> > +stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, courier_authdaemon_t)
>
> Could you explain what a sock file with type courier_var_run_t is doing in a directory with type courier_var_lib_t?
>
> I suspect that above should probably instead be "stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t courier_authdaemon_t)"
> If my assumption is wrong then please explain why
Good catch. Indeed, I had a stale courier_var_run_t laying around in an
attempt for reconfiguring the daemons to use /var/run/courier instead of
/var/lib/courier for the socket. But I failed miserably and I don't know why
- it continues to make the socket in /var/lib/courier.
I reset the contexts of /var/lib completely and can confirm that
courier_var_lib_t is what is needed. I'll update the patch to this.
Wkr,
Sven Vermeulen
next prev parent reply other threads:[~2014-12-31 16:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock Sven Vermeulen
2014-12-30 20:44 ` Dominick Grift
2014-12-30 20:21 ` [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon Sven Vermeulen
2014-12-30 20:47 ` Dominick Grift
2014-12-31 16:04 ` Sven Vermeulen [this message]
2014-12-30 20:21 ` [refpolicy] [PATCH 3/6] Allow authdaemon to access selinux fs to check SELinux state Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 4/6] Grant setuid/setgid to courier_pop_t Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 5/6] Execute courier helper script after authentication Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir Sven Vermeulen
2014-12-30 20:54 ` Dominick Grift
2014-12-31 16:09 ` Sven Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141231160444.GA4733@siphos.be \
--to=sven.vermeulen@siphos.be \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.