dovecot before daemon starts for correct SE Linux label

Russell Coker Wed, 14 Oct 2015 01:10:30 -0700

Package: dovecot-core
Version: 1:2.2.13-12~deb8u1
Severity: normal


Please include the following changes to /etc/init.d/dovecot (or something 
functionally
equivalent) as well as something similar for systemd-tmpfiles to create and 
label
/var/lib/dovecot before the Dovecot daemons start.

In the SE Linux policy I don't want to permit Dovecot to create arbitrary 
directories
under /var/lib and this minor change avoids that need.

--- /etc/init.d/dovecot.orig    2015-10-14 07:52:53.312894800 +0000
+++ /etc/init.d/dovecot 2015-10-14 07:54:03.461230326 +0000
@@ -80,6 +80,8 @@
 #
 do_start()
 {
+    mkdir -p /var/lib/dovecot
+    [ -x /sbin/restorecon ] && /sbin/restorecon /var/lib/dovecot
     # Return
     #   0 if daemon has been started
     #   1 if daemon was already running
--- /dev/null   2015-10-14 05:42:25.460000000 +0000
+++ /usr/lib/tmpfiles.d/dovecot.conf    2015-10-14 07:57:32.526263704 +0000
@@ -0,0 +1 @@
+D /var/lib/dovecot 0755 root root

-- Package-specific info:

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dovecot-core depends on:
ii  adduser              3.113+nmu3
ii  init-system-helpers  1.22
ii  libbz2-1.0           1.0.6-7+b3
ii  libc6                2.19-18+deb8u1
ii  liblzma5             5.1.1alpha+20120614-2+b3
ii  libpam-runtime       1.1.8-3.1
ii  libpam0g             1.1.8-3.1
ii  libssl1.0.0          1.0.1k-3+deb8u1
ii  libwrap0             7.6.q-25
ii  openssl              1.0.1k-3+deb8u1
ii  ucf                  3.0030
ii  zlib1g               1:1.2.8.dfsg-2+b1

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
pn  dovecot-gssapi        <none>
ii  dovecot-imapd         1:2.2.13-12~deb8u1
pn  dovecot-ldap          <none>
pn  dovecot-lmtpd         <none>
pn  dovecot-lucene        <none>
pn  dovecot-managesieved  <none>
ii  dovecot-mysql         1:2.2.13-12~deb8u1
pn  dovecot-pgsql         <none>
ii  dovecot-pop3d         1:2.2.13-12~deb8u1
pn  dovecot-sieve         <none>
pn  dovecot-solr          <none>
pn  dovecot-sqlite        <none>
ii  ntp                   1:4.2.6.p5+dfsg-7

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.2.13-12~deb8u1
pn  dovecot-dbg                    <none>
pn  dovecot-dev                    <none>
pn  dovecot-gssapi                 <none>
ii  dovecot-imapd                  1:2.2.13-12~deb8u1
pn  dovecot-ldap                   <none>
pn  dovecot-lmtpd                  <none>
pn  dovecot-managesieved           <none>
ii  dovecot-mysql                  1:2.2.13-12~deb8u1
pn  dovecot-pgsql                  <none>
ii  dovecot-pop3d                  1:2.2.13-12~deb8u1
pn  dovecot-sieve                  <none>
pn  dovecot-sqlite                 <none>

-- Configuration Files:
/etc/init.d/dovecot changed [not included]

-- no debconf information

Bug#801752: dovecot-core: Please create /var/lib/dovecot before daemon starts for correct SE Linux label

Reply via email to