> > Pardon me for the dumb question but I'm having a migraine and must > prepare > > for a midterm tomorrow; > > > > > allow dovecot_t dovecot_etc_t:file read_file_perms; > > > > How do I do that? :) > > > Hmm either I forgot to reply, or the reply didn't reach my mailbox, so > here > goes the answer ;-) > > http://www.gentoo.org/proj/en/hardened/selinux-faq.xml#localpolicy > > In short, you'll need to create a policy file, build it and include it in > the system. The policy will be inserted in the policy store so that it is > loaded every time you (re)boot the system, so you can remove the source > file > if you want. > > Usually you don't want to though. I personally have a single > "localpolicy.te" file in which I put all my exceptional rules (that don't > need to be part of the main policy, but are necessary on my system) and > maintain that file.
In the end, this is no longer apropos (for now) because I transferred all my mail setup to google apps for business but I got a new spare computer which I will use for R&D of a numbers of projects including developing policy files for selinux. Do you have some project for which I could help develop policy files? This will be a good way for me to learn selinux. Alain
