Fwd: newer postfix on RHEL5 (selinux policy)

Stephen John Smoogen smooge at gmail.com
Fri Apr 15 20:22:36 UTC 2011 

Asked Daniel Walsh what would be needed for a postfix2x policy. I am
wondering if we added the policy to the rpm with instructions on how
to install it would be ok?


---------- Forwarded message ----------
From: Daniel J Walsh <dwalsh at redhat.com>
Date: Thu, Apr 14, 2011 at 12:55
Subject: Re: newer postfix on RHEL5 (selinux policy)
To: Stephen John Smoogen <smooge at gmail.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/14/2011 12:44 PM, Stephen John Smoogen wrote:
> So people in EPEL is looking at packaging a newer postfix for RHEL4/5
> as it has features they need. The problem though is with an selinux
> policy for it as we would like to have it sit in parallel directories
> and not conflict with the RHEL postfix. What would be the best ways to
> make a policy for the systems (if it can only be RHEL5 oh well).
>

Just copy he existing file context files and change the path.

In RHEL5 you could just add the labels using semanage or better would be
to install a pp file  You need a one liner for postfix.te.  Then just
include a postfixnew.fc file with new paths.  The type definition should
remain the same.  You would also need to run restorecon on the paths
after you install the policy module.


cat postfixnew.te
policy_module(postfixnew,1.0)

cat postfixnew.fc
# postfix
/etc/postfix(/.*)?              gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/.* --      gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/libexec/postfix/cleanup --
gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/local --
gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/libexec/postfix/master --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/libexec/postfix/pickup --
gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/libexec/postfix/(n)?qmgr --
gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq --
gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/libexec/postfix/smtp --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/scache --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/smtpd --
gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/libexec/postfix/bounce --
gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/libexec/postfix/pipe --
gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/libexec/postfix/virtual --
gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
', `
/usr/lib/postfix/.*     --      gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup --
gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local  --
gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/lib/postfix/pickup --
gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/lib/postfix/(n)?qmgr --
gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq  --
gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/lib/postfix/smtp   --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/lmtp   --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/scache --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/smtpd  --
gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce --
gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib/postfix/pipe   --
gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
')
/etc/postfix/postfix-script.* --
gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch  --      gen_context(system_u:object_r:postfix_prng_t,s0)
/usr/sbin/postalias     --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postdrop      --
gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix       --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick      --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlock      --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlog       --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postmap       --
gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue     --
gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper     --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)?
gen_context(system_u:object_r:postfix_var_lib_t,s0)
/var/run/postfix(/.*)?
gen_context(system_u:object_r:postfix_var_run_t,s0)

/var/spool/postfix(/.*)?
gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)?
gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.*
gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)?
gen_context(system_u:object_r:postfix_private_t,s0)
/var/spool/postfix/public(/.*)?
gen_context(system_u:object_r:postfix_public_t,s0)
/var/spool/postfix/bounce(/.*)?
gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)?
gen_context(system_u:object_r:postfix_spool_flush_t,s0)
dwalsh at lo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2nQyEACgkQrlYvE4MpobOYOwCgwZslQGC0Xn/t3ql3TpoyWNKg
lYwAn34zsszGEnTQS2pFSzuvlQQNXe6Z
=CrdE
-----END PGP SIGNATURE-----



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

More information about the epel-devel-list mailing list