* [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes
@ 2014-12-30 20:21 Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock Sven Vermeulen
` (5 more replies)
0 siblings, 6 replies; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-30 20:21 UTC (permalink / raw)
To: refpolicy
Small updates to courier policy in order to have the Courier IMAPd work with the policy.
Sven Vermeulen (6):
Courier TCPd startup creates imapd.pid.lock and imapd.lock
Locate authdaemon socket and communicate with authdaemon
Allow authdaemon to access selinux fs to check SELinux state
Grant setuid/setgid to courier_pop_t
Execute courier helper script after authentication
Courier IMAP needs to manage the users' maildir
courier.te | 11 +++++++++++
1 file changed, 11 insertions(+)
--
2.0.5
^ permalink raw reply [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
@ 2014-12-30 20:21 ` Sven Vermeulen
2014-12-30 20:44 ` Dominick Grift
2014-12-30 20:21 ` [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon Sven Vermeulen
` (4 subsequent siblings)
5 siblings, 1 reply; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-30 20:21 UTC (permalink / raw)
To: refpolicy
Startup of courier-imapd creates /var/run/imapd.pid.lock and imapd.lock
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
courier.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/courier.te b/courier.te
index ae3bc70..112a60b 100644
--- a/courier.te
+++ b/courier.te
@@ -172,6 +172,8 @@ corenet_tcp_sendrecv_pop_port(courier_tcpd_t)
dev_read_rand(courier_tcpd_t)
dev_read_urand(courier_tcpd_t)
+files_pid_filetrans(courier_tcpd_t, courier_var_run_t, file)
+
miscfiles_read_localization(courier_tcpd_t)
########################################
--
2.0.5
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock Sven Vermeulen
@ 2014-12-30 20:21 ` Sven Vermeulen
2014-12-30 20:47 ` Dominick Grift
2014-12-30 20:21 ` [refpolicy] [PATCH 3/6] Allow authdaemon to access selinux fs to check SELinux state Sven Vermeulen
` (3 subsequent siblings)
5 siblings, 1 reply; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-30 20:21 UTC (permalink / raw)
To: refpolicy
Without this, authentication fails. The following is shown in the logs:
Dec 30 19:36:54 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 30 19:36:54 localhost imapd: authdaemon: s_connect() failed: Permission denied
Dec 30 19:36:54 localhost imapd: LOGIN FAILED, user=root, ip=[::ffff:192.168.100.152]
Dec 30 19:36:54 localhost imapd: authentication error: Permission denied
Through logon, the daemon (courier_pop_t) wants to locate the socket in
/var/lib/courier to initiate communication with the authdaemon.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
courier.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/courier.te b/courier.te
index 112a60b..c4ab936 100644
--- a/courier.te
+++ b/courier.te
@@ -137,6 +137,8 @@ allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_s
allow courier_pop_t courier_var_lib_t:file { read write };
+stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, courier_authdaemon_t)
+
domtrans_pattern(courier_pop_t, courier_authdaemon_exec_t, courier_authdaemon_t)
miscfiles_read_localization(courier_pop_t)
--
2.0.5
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 3/6] Allow authdaemon to access selinux fs to check SELinux state
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon Sven Vermeulen
@ 2014-12-30 20:21 ` Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 4/6] Grant setuid/setgid to courier_pop_t Sven Vermeulen
` (2 subsequent siblings)
5 siblings, 0 replies; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-30 20:21 UTC (permalink / raw)
To: refpolicy
When attempting to authenticate, the PAM module checks if SELinux is
enabled (pam_unix, in order to verify if the chkpwd helper utility needs
to be called). If it fails to check the SELinux state, then authdaemon
will try to access shadow directly (again, through pam_unix).
This only occurs when a user tries to log on as root (on IMAP server) as
non-root users automatically have chkpwd executed.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
courier.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/courier.te b/courier.te
index c4ab936..07752c2 100644
--- a/courier.te
+++ b/courier.te
@@ -114,6 +114,8 @@ libs_read_lib_files(courier_authdaemon_t)
miscfiles_read_localization(courier_authdaemon_t)
+selinux_getattr_fs(courier_authdaemon_t)
+
userdom_dontaudit_search_user_home_dirs(courier_authdaemon_t)
########################################
--
2.0.5
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 4/6] Grant setuid/setgid to courier_pop_t
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
` (2 preceding siblings ...)
2014-12-30 20:21 ` [refpolicy] [PATCH 3/6] Allow authdaemon to access selinux fs to check SELinux state Sven Vermeulen
@ 2014-12-30 20:21 ` Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 5/6] Execute courier helper script after authentication Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir Sven Vermeulen
5 siblings, 0 replies; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-30 20:21 UTC (permalink / raw)
To: refpolicy
When trying to log on to the IMAP service, the authentication fails and
the following shows up in the courier logs:
Dec 30 19:40:56 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 30 19:40:56 localhost imapd: initgroups: Operation not permitted
In the audit logs, the following shows up:
type=AVC msg=audit(1419968456.850:190): avc: denied { setgid } for
pid=4028 comm="imaplogin" capability=6
scontext=system_u:system_r:courier_pop_t:s0
tcontext=system_u:system_r:courier_pop_t:s0 tclass=capability
type=AVC msg=audit(1419968532.622:192): avc: denied { setuid } for
pid=4118 comm="imaplogin" capability=7
scontext=system_u:system_r:courier_pop_t:s0
tcontext=system_u:system_r:courier_pop_t:s0 tclass=capability
The daemon wants to switch user to access the necessary maildir's.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
courier.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/courier.te b/courier.te
index 07752c2..6082d5c 100644
--- a/courier.te
+++ b/courier.te
@@ -132,6 +132,7 @@ dev_read_rand(courier_pcp_t)
# POP3/IMAP local policy
#
+allow courier_pop_t self:capability { setgid setuid };
allow courier_pop_t courier_authdaemon_t:tcp_socket rw_stream_socket_perms;
allow courier_pop_t courier_authdaemon_t:process sigchld;
--
2.0.5
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 5/6] Execute courier helper script after authentication
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
` (3 preceding siblings ...)
2014-12-30 20:21 ` [refpolicy] [PATCH 4/6] Grant setuid/setgid to courier_pop_t Sven Vermeulen
@ 2014-12-30 20:21 ` Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir Sven Vermeulen
5 siblings, 0 replies; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-30 20:21 UTC (permalink / raw)
To: refpolicy
After succesful authentication, the IMAP daemon will attempt to execute
a helper script called /usr/lib64/courier-imap/courier-imapd.indirect.
This helper script is to initiate the user session.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
courier.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/courier.te b/courier.te
index 6082d5c..c06c3ad 100644
--- a/courier.te
+++ b/courier.te
@@ -144,6 +144,8 @@ stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, cour
domtrans_pattern(courier_pop_t, courier_authdaemon_exec_t, courier_authdaemon_t)
+corecmd_exec_shell(courier_pop_t)
+
miscfiles_read_localization(courier_pop_t)
userdom_manage_user_home_content_files(courier_pop_t)
--
2.0.5
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
` (4 preceding siblings ...)
2014-12-30 20:21 ` [refpolicy] [PATCH 5/6] Execute courier helper script after authentication Sven Vermeulen
@ 2014-12-30 20:21 ` Sven Vermeulen
2014-12-30 20:54 ` Dominick Grift
5 siblings, 1 reply; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-30 20:21 UTC (permalink / raw)
To: refpolicy
Without these permissions, the logon immediately terminates and the
following shows up in the logs:
Dec 30 19:45:33 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 30 19:45:33 localhost imapd: chdir .maildir: Permission denied
Dec 30 19:45:33 localhost imapd: root: Permission denied
The first denial (and many similar ones follow when granted):
type=AVC msg=audit(1419968733.163:197): avc: denied { search } for
pid=4292 comm="courier-imapd" name=".maildir" dev="vda3" ino=393221
scontext=system_u:system_r:courier_pop_t:s0
tcontext=root:object_r:mail_home_rw_t:s0 tclass=dir
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
courier.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/courier.te b/courier.te
index c06c3ad..49fa11d 100644
--- a/courier.te
+++ b/courier.te
@@ -148,6 +148,8 @@ corecmd_exec_shell(courier_pop_t)
miscfiles_read_localization(courier_pop_t)
+mta_manage_mail_home_rw_content(courier_pop_t)
+
userdom_manage_user_home_content_files(courier_pop_t)
userdom_manage_user_home_content_dirs(courier_pop_t)
--
2.0.5
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock
2014-12-30 20:21 ` [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock Sven Vermeulen
@ 2014-12-30 20:44 ` Dominick Grift
0 siblings, 0 replies; 12+ messages in thread
From: Dominick Grift @ 2014-12-30 20:44 UTC (permalink / raw)
To: refpolicy
On Tue, Dec 30, 2014 at 09:21:34PM +0100, Sven Vermeulen wrote:
> Startup of courier-imapd creates /var/run/imapd.pid.lock and imapd.lock
>
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
> courier.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/courier.te b/courier.te
> index ae3bc70..112a60b 100644
> --- a/courier.te
> +++ b/courier.te
> @@ -172,6 +172,8 @@ corenet_tcp_sendrecv_pop_port(courier_tcpd_t)
> dev_read_rand(courier_tcpd_t)
> dev_read_urand(courier_tcpd_t)
>
> +files_pid_filetrans(courier_tcpd_t, courier_var_run_t, file)
Then this should probably go with a file context specification for /var/run/imapd.pid.lock and /var/run/imapd.lock
Could you enclose those as part of this patch if there are none for the above locations already (i could not find them in courier.fc)
> +
> miscfiles_read_localization(courier_tcpd_t)
>
> ########################################
> --
> 2.0.5
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20141230/22ac2530/attachment.bin
^ permalink raw reply [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon
2014-12-30 20:21 ` [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon Sven Vermeulen
@ 2014-12-30 20:47 ` Dominick Grift
2014-12-31 16:04 ` Sven Vermeulen
0 siblings, 1 reply; 12+ messages in thread
From: Dominick Grift @ 2014-12-30 20:47 UTC (permalink / raw)
To: refpolicy
On Tue, Dec 30, 2014 at 09:21:35PM +0100, Sven Vermeulen wrote:
> Without this, authentication fails. The following is shown in the logs:
>
> Dec 30 19:36:54 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
> Dec 30 19:36:54 localhost imapd: authdaemon: s_connect() failed: Permission denied
> Dec 30 19:36:54 localhost imapd: LOGIN FAILED, user=root, ip=[::ffff:192.168.100.152]
> Dec 30 19:36:54 localhost imapd: authentication error: Permission denied
>
> Through logon, the daemon (courier_pop_t) wants to locate the socket in
> /var/lib/courier to initiate communication with the authdaemon.
>
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
> courier.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/courier.te b/courier.te
> index 112a60b..c4ab936 100644
> --- a/courier.te
> +++ b/courier.te
> @@ -137,6 +137,8 @@ allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_s
>
> allow courier_pop_t courier_var_lib_t:file { read write };
>
> +stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, courier_authdaemon_t)
Could you explain what a sock file with type courier_var_run_t is doing in a directory with type courier_var_lib_t?
I suspect that above should probably instead be "stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t courier_authdaemon_t)"
If my assumption is wrong then please explain why
> +
> domtrans_pattern(courier_pop_t, courier_authdaemon_exec_t, courier_authdaemon_t)
>
> miscfiles_read_localization(courier_pop_t)
> --
> 2.0.5
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20141230/59154518/attachment.bin
^ permalink raw reply [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir
2014-12-30 20:21 ` [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir Sven Vermeulen
@ 2014-12-30 20:54 ` Dominick Grift
2014-12-31 16:09 ` Sven Vermeulen
0 siblings, 1 reply; 12+ messages in thread
From: Dominick Grift @ 2014-12-30 20:54 UTC (permalink / raw)
To: refpolicy
On Tue, Dec 30, 2014 at 09:21:39PM +0100, Sven Vermeulen wrote:
> Without these permissions, the logon immediately terminates and the
> following shows up in the logs:
>
> Dec 30 19:45:33 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
> Dec 30 19:45:33 localhost imapd: chdir .maildir: Permission denied
> Dec 30 19:45:33 localhost imapd: root: Permission denied
>
> The first denial (and many similar ones follow when granted):
>
> type=AVC msg=audit(1419968733.163:197): avc: denied { search } for
> pid=4292 comm="courier-imapd" name=".maildir" dev="vda3" ino=393221
> scontext=system_u:system_r:courier_pop_t:s0
> tcontext=root:object_r:mail_home_rw_t:s0 tclass=dir
>
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
> courier.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/courier.te b/courier.te
> index c06c3ad..49fa11d 100644
> --- a/courier.te
> +++ b/courier.te
> @@ -148,6 +148,8 @@ corecmd_exec_shell(courier_pop_t)
>
> miscfiles_read_localization(courier_pop_t)
>
> +mta_manage_mail_home_rw_content(courier_pop_t)
> +
Should this go together with a "mta_home_filetrans_mail_home(courier_pop_t, dir, ".maildir")", i.e. should courier-imapd be able to create that directory if it does not already exist?
> userdom_manage_user_home_content_files(courier_pop_t)
> userdom_manage_user_home_content_dirs(courier_pop_t)
>
The above may, or may not, be redundant now that we have a .maildir with a private type
> --
> 2.0.5
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20141230/f8a76373/attachment-0001.bin
^ permalink raw reply [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon
2014-12-30 20:47 ` Dominick Grift
@ 2014-12-31 16:04 ` Sven Vermeulen
0 siblings, 0 replies; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-31 16:04 UTC (permalink / raw)
To: refpolicy
On Tue, Dec 30, 2014 at 09:47:57PM +0100, Dominick Grift wrote:
> > diff --git a/courier.te b/courier.te
> > index 112a60b..c4ab936 100644
> > --- a/courier.te
> > +++ b/courier.te
> > @@ -137,6 +137,8 @@ allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_s
> >
> > allow courier_pop_t courier_var_lib_t:file { read write };
> >
> > +stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, courier_authdaemon_t)
>
> Could you explain what a sock file with type courier_var_run_t is doing in a directory with type courier_var_lib_t?
>
> I suspect that above should probably instead be "stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t courier_authdaemon_t)"
> If my assumption is wrong then please explain why
Good catch. Indeed, I had a stale courier_var_run_t laying around in an
attempt for reconfiguring the daemons to use /var/run/courier instead of
/var/lib/courier for the socket. But I failed miserably and I don't know why
- it continues to make the socket in /var/lib/courier.
I reset the contexts of /var/lib completely and can confirm that
courier_var_lib_t is what is needed. I'll update the patch to this.
Wkr,
Sven Vermeulen
^ permalink raw reply [flat|nested] 12+ messages in thread
* [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir
2014-12-30 20:54 ` Dominick Grift
@ 2014-12-31 16:09 ` Sven Vermeulen
0 siblings, 0 replies; 12+ messages in thread
From: Sven Vermeulen @ 2014-12-31 16:09 UTC (permalink / raw)
To: refpolicy
On Tue, Dec 30, 2014 at 09:54:21PM +0100, Dominick Grift wrote:
> > diff --git a/courier.te b/courier.te
> > index c06c3ad..49fa11d 100644
> > --- a/courier.te
> > +++ b/courier.te
> > @@ -148,6 +148,8 @@ corecmd_exec_shell(courier_pop_t)
> >
> > miscfiles_read_localization(courier_pop_t)
> >
> > +mta_manage_mail_home_rw_content(courier_pop_t)
> > +
>
> Should this go together with a "mta_home_filetrans_mail_home(courier_pop_t, dir, ".maildir")", i.e. should courier-imapd be able to create that directory if it does not already exist?
Not here at least. The daemon does not try to create the .maildir - it
expects that it is already there. Without the directory available, the login
fails and in the logs the following is shown:
Dec 31 15:57:06 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 31 15:57:06 localhost imapd: chdir .maildir: No such file or directory
Dec 31 15:57:06 localhost imapd: root: No such file or directory
There are no denials (even with dontaudits disabled) that show that it
tries to create it. So the admin needs to create it using the maildirmake
application (also provided through the courier-imap package).
> > userdom_manage_user_home_content_files(courier_pop_t)
> > userdom_manage_user_home_content_dirs(courier_pop_t)
> >
>
> The above may, or may not, be redundant now that we have a .maildir with a private type
Indeed, at least it is not necessary on my test system anymore. I'll remove
it with the patch as well.
Wkr,
Sven Vermeulen
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2014-12-31 16:09 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-30 20:21 [refpolicy] [PATCH 0/6] Courier IMAPd related policy changes Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 1/6] Courier TCPd startup creates imapd.pid.lock and imapd.lock Sven Vermeulen
2014-12-30 20:44 ` Dominick Grift
2014-12-30 20:21 ` [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon Sven Vermeulen
2014-12-30 20:47 ` Dominick Grift
2014-12-31 16:04 ` Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 3/6] Allow authdaemon to access selinux fs to check SELinux state Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 4/6] Grant setuid/setgid to courier_pop_t Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 5/6] Execute courier helper script after authentication Sven Vermeulen
2014-12-30 20:21 ` [refpolicy] [PATCH 6/6] Courier IMAP needs to manage the users' maildir Sven Vermeulen
2014-12-30 20:54 ` Dominick Grift
2014-12-31 16:09 ` Sven Vermeulen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.