Manpage of dovecot_selinux

dovecot_selinux

Section: dovecot SELinux Policy documentation (8)
Updated: dovecot
 

NAME

dovecot_selinux - Security Enhanced Linux Policy for the dovecot processes  

DESCRIPTION

Security-Enhanced Linux secures the dovecot processes via flexible mandatory access control.

 

NSSWITCH DOMAIN

If you want to allow users to resolve user passwd entries directly from LDAP rather than using an sssd server for the dovecot_auth_t, dovecot_t and dovecot_deliver_t domains, you must turn on the authlogin_nsswitch_use_ldap boolean.

setsebool -P authlogin_nsswitch_use_ldap 1

If you want to allow confined applications to run with Kerberos for the dovecot_auth_t, dovecot_t and dovecot_deliver_t domains, you must turn on the kerberos_enabled boolean.

setsebool -P kerberos_enabled 1

 

FILE CONTEXTS

SELinux requires files to have an extended attribute to define the file type.

You can see the context of a file using the -Z option to ls.

Policy governs the access confined processes have to these files. SELinux dovecot policy is very flexible, allowing users to set up their dovecot processes in as secure a method as possible.

The following file types are defined for dovecot:

dovecot_auth_exec_t

- Set files with the dovecot_auth_exec_t type, if you want to transition an executable to the dovecot_auth_t domain.


Paths:
/usr/libexec/dovecot/auth, /usr/libexec/dovecot/dovecot-auth

dovecot_auth_tmp_t

- Set files with the dovecot_auth_tmp_t type, if you want to store dovecot auth temporary files in the /tmp directories.

dovecot_cert_t

- Set files with the dovecot_cert_t type, if you want to treat the files as dovecot certificate data.


Paths:
/usr/share/ssl/certs/dovecot.pem, /usr/share/ssl/private/dovecot.pem, /etc/pki/dovecot(/.*)?

dovecot_deliver_exec_t

- Set files with the dovecot_deliver_exec_t type, if you want to transition an executable to the dovecot_deliver_t domain.


Paths:
/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver

dovecot_deliver_tmp_t

- Set files with the dovecot_deliver_tmp_t type, if you want to store dovecot deliver temporary files in the /tmp directories.

dovecot_etc_t

- Set files with the dovecot_etc_t type, if you want to store dovecot files in the /etc directories.


Paths:
/etc/dovecot.conf.*, /etc/dovecot(/.*)?

dovecot_exec_t

- Set files with the dovecot_exec_t type, if you want to transition an executable to the dovecot_t domain.

dovecot_initrc_exec_t

- Set files with the dovecot_initrc_exec_t type, if you want to transition an executable to the dovecot_initrc_t domain.

dovecot_passwd_t

- Set files with the dovecot_passwd_t type, if you want to treat the files as dovecot passwd data.

dovecot_spool_t

- Set files with the dovecot_spool_t type, if you want to store the dovecot files under the /var/spool directory.

dovecot_t_keytab_t

- Set files with the dovecot_t_keytab_t type, if you want to treat the files as kerberos keytab files.

dovecot_tmp_t

- Set files with the dovecot_tmp_t type, if you want to store dovecot temporary files in the /tmp directories.

dovecot_var_lib_t

- Set files with the dovecot_var_lib_t type, if you want to store the dovecot files under the /var/lib directory.


Paths:
/var/run/dovecot/login/ssl-parameters.dat, /var/lib/dovecot(/.*)?

dovecot_var_log_t

- Set files with the dovecot_var_log_t type, if you want to treat the data as dovecot var log data, usually stored under the /var/log directory.


Paths:
/var/log/dovecot.log.*, /var/log/dovecot(/.*)?

dovecot_var_run_t

- Set files with the dovecot_var_run_t type, if you want to store the dovecot files under the /run directory.
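
The following is an added example, not part of the man page or of the SELinux policy project: a POSIX shell check that compares the type field of `ls -Z` output with the Paths entries listed above and reports files whose label does not match. The function names, the two-column "context path" input format and the sample lines are assumptions constructed for illustration.

```sh
# Added example (hypothetical helper names): audit file labels against the
# "Paths:" entries on this page. Input: "context path" per line (assumed).

# Anchored path regex -> expected type, derived from the Paths: entries.
RULES='^/usr/libexec/dovecot/(auth|dovecot-auth)$ dovecot_auth_exec_t
^/usr/share/ssl/(certs|private)/dovecot\.pem$ dovecot_cert_t
^/etc/pki/dovecot(/.*)?$ dovecot_cert_t
^/usr/libexec/dovecot/(dovecot-lda|deliver)$ dovecot_deliver_exec_t
^/etc/dovecot\.conf.*$ dovecot_etc_t
^/etc/dovecot(/.*)?$ dovecot_etc_t
^/var/run/dovecot/login/ssl-parameters\.dat$ dovecot_var_lib_t
^/var/lib/dovecot(/.*)?$ dovecot_var_lib_t
^/var/log/dovecot\.log.*$ dovecot_var_log_t
^/var/log/dovecot(/.*)?$ dovecot_var_log_t'

# Print the type this page assigns to path $1 (empty if the path is not listed).
expected_type() {
    printf '%s\n' "$RULES" | while read -r re type; do
        if printf '%s\n' "$1" | grep -Eq "$re"; then
            printf '%s\n' "$type"
            break
        fi
    done
}

# Read "context path" lines on stdin, report each path whose type field
# (third field of user:role:type:level) differs; return 1 on any mismatch.
audit_labels() {
    rc=0
    while read -r ctx path; do
        want=$(expected_type "$path")
        [ -n "$want" ] || continue   # blank line or path outside this page's list
        have=$(printf '%s\n' "$ctx" | cut -d: -f3)
        if [ "$have" != "$want" ]; then
            printf 'MISMATCH %s has %s, expected %s\n' "$path" "$have" "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a key and a state file carrying labels from elsewhere.
SAMPLE='system_u:object_r:dovecot_cert_t:s0 /etc/pki/dovecot/certs/dovecot.pem
unconfined_u:object_r:user_home_t:s0 /etc/pki/dovecot/private/dovecot.pem
system_u:object_r:dovecot_etc_t:s0 /etc/dovecot/dovecot.conf
unconfined_u:object_r:admin_home_t:s0 /var/lib/dovecot/ssl-parameters.dat
system_u:object_r:etc_t:s0 /etc/hosts'
printf '%s\n' "$SAMPLE" | audit_labels || echo 'labels need attention'
```

A mismatch on a listed path means the confined dovecot domains may be denied access to that file, or that the file was moved into place with the label of its previous location.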

Note: File context can be temporarily modified with the chcon command. If you want to permanently c


 


This document was created by man2html, using the manual pages.
Time: 19:31:14 GMT, September 30, 2012