* [refpolicy] services_dovecot.patch
@ 2008-09-24 20:38 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:38 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_dovecot.patch
Add initrc script support
allow admin to start/stop service
Admin needs admin_pattern on all file types
Add support for dovecot_deliver policy
additional spool and log file context
dovecot uses kerberos keytab
auth needs chown and dac_override
auth needs to connect to dovecot_t
creates files in /tmp
creates its own log files
creates a stream socket in /var/run
auth sends syslog and audit messages
auth reads usr_t files
auth can use mysql
auth can authenticate nis passwords
auth can use users kerberos tgt
* [refpolicy] services_dovecot.patch
@ 2008-10-14 20:42 Daniel J Walsh
2008-10-14 22:59 ` Paul Howarth
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2008-10-14 20:42 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_dovecot.patch
initrc handling
Fix labeling on files only /var/run/dovecot/login/ssl-parameters.dat
Add admin interface
Add policy for deliver
Add domain to connect to dovecot_auth
dovecot uses /tmp
auth reads usr files
auth can communicate with mysql, postfix
Uses nis authentication
Uses gssapi
* [refpolicy] services_dovecot.patch
2008-10-14 20:42 Daniel J Walsh
@ 2008-10-14 22:59 ` Paul Howarth
0 siblings, 0 replies; 10+ messages in thread
From: Paul Howarth @ 2008-10-14 22:59 UTC (permalink / raw)
To: refpolicy
On Tue, 14 Oct 2008 16:42:00 -0400
Daniel J Walsh <dwalsh@redhat.com> wrote:
>
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_dovecot.patch
>
> initrc handling
>
> Fix labeling on files only /var/run/dovecot/login/ssl-parameters.dat
>
>
> Add admin interface
>
> Add policy for deliver
> Add domain to connect to dovecot_auth
>
>
> dovecot uses /tmp
>
> auth reads usr files
>
> auth can communicate with mysql, postfix
>
> Uses nis authentication
>
> Uses gssapi
Someone was whining on fedora-devel-list today that they'd configured
dovecot to write logs to a directory /var/log/dovecot that they'd
created but were blocked by SELinux. Cue standard anti-SELinux rantlet.
There's currently no dovecot_log_t to enable this easily, so perhaps
that could be added too?
Paul.
* [refpolicy] services_dovecot.patch
@ 2009-06-09 0:31 Daniel J Walsh
2009-06-30 19:29 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-06-09 0:31 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_dovecot.patch
Add context for dovecot init script
policy to cover dovecot/deliver executable
Dovecot uses kerberos templates.
Dovecot_auth needs chown and dac_override
dovecot auth creates /tmp files
Uses var_run and connects to the auth_stream
Sends audit and syslog messages
* [refpolicy] services_dovecot.patch
@ 2009-11-12 21:29 Daniel J Walsh
2010-01-07 16:52 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:29 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_dovecot.patch
dovecot is dropping capabilities,
getattr on mounted file systems
dovecot auth sends itself signals and drops capabilities
reads users tmp files (kerberos tickets)
deliver_t needs to write to cifs and nfs homedir
* [refpolicy] services_dovecot.patch
@ 2010-02-23 21:49 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:49 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_dovecot.patch
dovecot has a log dir.
Listens on the mail port
Does a getattr on all file systems
Can have a postgresql back end
dovecot_deliver needs to be able to write to users' homedirs even if they
are on nfs and cifs.
* [refpolicy] services_dovecot.patch
@ 2010-08-26 21:14 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-08-26 21:14 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_dovecot.patch
Fix dovecot_admin interface
Label its cert files
tmpfs as /var/run
Communicates with postfix private